
What are XDS Security Roles in Dynamics 365 Finance?

The Extensible Data Security (XDS) architecture is a feature in D365 Finance and AX 2012 that allows users to complement role-based security by restricting access to one or more tables based on a policy. This feature evolved from the record-level security that existed in prior versions of Dynamics AX.

Simply put, XDS adds a WHERE (or ON) clause to any SQL SELECT, UPDATE, DELETE, or INSERT operation performed on a table, using parameters from another linked table.

In this article, we will talk about everything you need to know about XDS security roles in D365 before you assign roles. It is important to understand the duties and privileges of each to make a careful decision. 

Setup - Developing an Extensible Data Security Policy

Before you begin designing XDS policies, there are a few things you should understand and keep in mind:

How to Apply Multiple XDS Policies to the Same Role?

Developers can face several different scenarios, but we will cover only one here to help you understand the level of access each offers. In this case, we want a role to be able to work only with customers and vendors whose group (CustGroup/VendGroup) equals 10.

The first thing we did was create a role that grants complete control over both customers and vendors. The following is what the test user sees when assigned this role:


To apply the XDS policies, you must first develop the Customer and Vendor queries.


Then, define security policies for these queries. Some things to consider here:


Then, create a role (FpGroupXDSRole) to which we assign the proper responsibilities; note that we set the Context String to the same string as our security policies. Both XDS policies will apply to this role.


As soon as the user is given this role, it is clear that both policies are successfully implemented.


In the test described above, we defined the role using the AOT. We also wanted to confirm that a role created through the user interface worked as expected. So, we created a role in D365FO’s Security Configuration area and ensured that the Security Policy Context String remained the same as before (GroupXDSPolicy).


XDS Policy By Pass Role Scenario Test Role

As an expert, you may wonder about a few things when reading the description given by Microsoft. According to the description, this role is for security, which raises some questions for me. The description is for XDSPolicy Bypass UT. There is no more information about it in the Microsoft documentation.

It does suggest opening links to Xbox support instead, which is not useful. We did, however, run a metadata search in Visual Studio, reverse-engineer various kernel DLLs, and use the cross-reference feature. Initially, there was only one hit: the security role object named XDSPolicyByPassRoleScenarioTestRole.

Please remember to update the cross-references after one or two updates. Updating cross-references for standard application objects leads to a security policy named XDSCustTableOnCustGroup10Policy.


When to Bypass Data Security Policies

This role will affect user behavior by granting pure role-based access permissions without the data constraints set in security policies. When will this be useful, and what considerations should be made before assigning such a role to a user in an environment?

Remember that granting access to this role should be the exception. This should be carefully examined, just like when assigning the system administrator role. Do not assign this role unless there is a valid business reason. Some reasons why bypassing data security may be valid include:

When possible, use this role in non-production environments. Only when you think there is no other option can you consider assigning the role to a user in a production environment.

Considerations When Applying XDS Data Access Policy Bypass Role

If you apply the XDSDataAccessPolicyBypassRole, the user will be able to see all private addresses and contact details despite the settings for the roles in the parameters. If you allow a user to bypass the data security policies, you might violate certain regulations. Not only the European Union but also other countries have data privacy laws that should be followed carefully to prevent possible high fines for privacy breaches.

Use this role only in non-production settings whenever you can. If you have no other option and do assign it, keep in mind that the user will be able to access all private information regardless of the roles specified in the parameters.

Allowing a particular user role to evade data security controls may violate some regulations. Also, almost all countries are now quite strict about privacy regulations, so make sure you comply with them and be careful when assigning a role.
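The following is an added example, not code from this article's authors or from Microsoft: a simplified model of the behaviour described above, in which two policies sharing the GroupXDSPolicy context string constrain a role carrying the same string, and a bypass role removes the constraint. SQLite stands in for the D365 database; the table rows, the user names and the `FullAccessRole` name are constructed for illustration.

```python
import sqlite3

# Simplified model of the behaviour this article describes; not D365 code.
# Policy = (context string, constrained table, predicate appended as WHERE).
POLICIES = [
    ("GroupXDSPolicy", "CustTable", "CustGroup = '10'"),
    ("GroupXDSPolicy", "VendTable", "VendGroup = '10'"),
]
# Role -> Context String. FullAccessRole is a hypothetical name for the
# unrestricted role from the first test; it binds to no policy.
ROLE_CONTEXT = {"FpGroupXDSRole": "GroupXDSPolicy", "FullAccessRole": None}
BYPASS_ROLES = {"XDSDataAccessPolicyBypassRole"}

def effective_sql(table, roles):
    """Return the SELECT that a user holding `roles` effectively runs."""
    if table not in ("CustTable", "VendTable"):
        raise ValueError(table)
    sql = f"SELECT AccountNum FROM {table}"
    if BYPASS_ROLES & set(roles):
        return sql  # bypass: role-based access only, no data constraint
    contexts = {ROLE_CONTEXT.get(r) for r in roles} - {None}
    preds = [p for ctx, tbl, p in POLICIES if tbl == table and ctx in contexts]
    return sql + (" WHERE " + " AND ".join(preds) if preds else "")

def visible(db, table, roles):
    """Account numbers the user can read from `table`."""
    return sorted(row[0] for row in db.execute(effective_sql(table, roles)))

def unconstrained_users(assignments):
    """Audit helper: users whose policies are switched off by a bypass role."""
    return sorted(u for u, r in assignments.items() if BYPASS_ROLES & set(r))

def sample_db():
    """Constructed sample data: three customers and two vendors."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE CustTable (AccountNum TEXT, CustGroup TEXT);
        CREATE TABLE VendTable (AccountNum TEXT, VendGroup TEXT);
        INSERT INTO CustTable VALUES ('C-001','10'),('C-002','20'),('C-003','10');
        INSERT INTO VendTable VALUES ('V-001','10'),('V-002','30');
    """)
    return db

if __name__ == "__main__":
    db = sample_db()
    users = {"alice": ["FpGroupXDSRole"], "bob": ["FullAccessRole"],
             "carol": ["FpGroupXDSRole", "XDSDataAccessPolicyBypassRole"]}
    for user, roles in users.items():
        print(user, visible(db, "CustTable", roles), visible(db, "VendTable", roles))
    print("review:", unconstrained_users(users))
```

A role whose context string does not match any policy behaves like `FullAccessRole` here and returns unfiltered rows, so the context string is worth checking whenever a role is created or copied.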

Bottom Line

Dynamics 365 Finance security roles are significant for any organization. So, when you are assigning these roles, make sure you understand as many scenarios as possible. You can find a detailed description of each on the Microsoft website.

However, you still might need the assistance of Microsoft experts at DHRP. We can help you with extensible data security XDS roles while understanding your business security needs. So, reach out, and let’s keep the sensitive data safe.
