Extensible Data Security (XDS) Policy – Microsoft Dynamics AX 2012

What is XDS?

The Extensible Data Security policy framework is the Application Foundation framework provided by Microsoft Dynamics AX 2012 (new feature) in addition to the role-based security in order to secure the data.

Dynamics AX Admins and developers can use the security policies to block access to specific rows in a table. In the AOT, policies can be found under node Security > Policies.

XDS policy can be utilized for setting security privileges on the global address book.

Conceptual Model of XDS

 

Conceptual Model of XDS Policy

Conceptual Model of XDS Policy

Source: http://msdn.microsoft.com/en-us/library/hh272123.aspx

Data Security concepts

In order to successfully use the XDS framework, one needs to get familiar with the basics and need to understand the following concepts.

Primary Table

A primary table is used to secure the data of the constrained table.

Constrained table

A constrained table is the table used in a given policy from which the data is filtered based on the policy query.

Policy Query

Policy query helps secure the data in the constrained table defined in a security policy. This query will return data from primary table which is then used to secure data in the constrained table. The policy can be thought of as WHERE clause in an SQL view or statement that specifies the data/records to be returned.

While creating the policy query and selecting the value for constrained table property of the Policy Query object, it can be set to Yes or No.

Constrained table property = Yes; means that the policy restricts the records that are returned from the primary table.

Constrained table property = No; means that the policy does not restrict the records that are returned from the primary table.

Context

This is the most important thing as a context has to be defined that is the circumstances where that XDS policy is applicable. You must define context in order to use the policy defined. Keep in mind that you won’t be able to use the policy even if it is enabled unless context is defined.

Create and Implement XDS Policy

These are the basic steps high-level steps in order to create policy

Step 1: Creating the query on the primary table

Step 2: Creating the policy

Step 3: Adding the constrained tables and views

Step 4: Setting the context

Step 5: Enable policy

The steps in detail will be explained later.

Considerations while developing the Extensible Data Security

  1. Applying the XDS policy on a constrained table will affect the run-time performance. In order avoid that use less joins
  2. To achieve better performance and efficiency use XDS constructs

“Extensible Data Security (XDS) policies can create a run-time performance overhead if not used efficiently”

Using XDS constructs

Data can become complex. Queries created can become too complex having joins with too many tables due to database being too much normalized and complex. The longer the queries and more joins, it will take more time to get the resultant data. This can become a serious performance issue.

What are XDS constructs

The Extensible Data Security constructs are temporary tables that are populated once for every client session for holding static data that is most frequently required. This data then can be used in subsequent calls.

In order to avoid performance overhead, the data that is required once is retrieved and kept in the temporary table for any further subsequent calls. The database hit is saved. For example, we need to get the departments of the logged-in user. This is a data that we need once and is not changeable in a current session.

How to use XDS constructs

The method XDS() is available in Dynamics AX to the developers to write the X++ logic in order to populate the required data in the temporary table. You have to call the XDS method first time in the policy query with the construct as data source. After the temporary table is populated, subsequent policy queries will use the temporary table.

To be continued…

Abubaker Siddiq Shekhani

Abubaker Shekhani is an IT Entrepreneur and Full Stack Developer. He is the co-founder and the Developer behind Mytabeeb, a health care solution. He has worked for 5 years in Microsoft Dynamics AX space with Techno-functional role and glad to be one of few Microsoft Dynamics AX developers/consultants in Pakistan. He is TEDx speaker and likes to speak in public. He is an Amateur Astronomer and Astrophotographer. He is the founding member of Karachi Astronomers Society. He can be reached at me@abubakershekhani.com.