Skip to main content

Filter customers by dimension using security policy [AX 2012]

I will start backward. Show what the result is and then will go into what I did to achieve this.

Lets say you want to filter the customer records based on the department dimensions that are assigned to the user logged in. This might include restricting the sales orders too based on those customers.




Create a new Organization hierarchy with the Security purpose assigned.


Edit the hierarchy and add the departments you plan on using.


Create a new security role and assigned organizations by specifically granting access to the departments.



Now for the technical aspects of this. I used security policies to achieve this result.

  • xds temp table which I have a the code to build (explode) the departments into the temp table.
  • Query which joins the customer table to the dimension tables so we can specifically get the Department dimension
  • Class created a method to retrieve the Department dimension attribute recId
  • New role which is a main driver of the roles and linked that to the policy
  • The policy with the main table and constrained tables


If you are using a different dimension. Make sure the change the dimension name that is coded here. This method is being used in the query range.



A few things to note:

  • When the user creates a customer – it disappears from view as the dimension is blank initially. You have the option of extending the query to show blank dimensions or another user that has full access creates the customer or you somehow default the dimension (by code).
  • There is a whitepaper that explains in detail how to restrict the user to the dimensions. Then in the later section explains how to use the these types of queries. Instead of using the workers position and assigned departments – I chose to do it in a simpler way using the users security role.


Must read Whitepaper: Securing Data by Dimension Value by Using Extensible Data Security (XDS)

Above example as an XPO to download

Popular posts from this blog

AX - How to use Map and MapEnumerator

Similar to Set class, Map class allows you to associate one value (the key) with another value. Both the key and value can be any valid X++ type, including objects. The types of the key and the value are specified in the declaration of the map. The way in which maps are implemented means that access to the values is very fast. Below is a sample code that sets and retrieves values from a map. static void checkItemNameAliasDuplicate(Args _args) { inventTable inventTable; Map map; MapEnumerator mapEnumerator; NameAlias nameAlias; int counter = 0; ; map = new Map(Types::String, Types::Integer); //store into map while select inventTable { nameAlias = inventTable.NameAlias; if (!map.exists(nameAlias)) { map.insert(nameAlias, 1); } else { map.insert(nameAlias, map.lookup(nameAlias) + 1); } } //retrieve fro

AX - How to use Set and SetEnumerator

The Set class is used for the storage and retrieval of data from a collection in which the values of the elements contained are unique and serve as the key values according to which the data is automatically ordered. You can create a set of primitive data types or complex data types such as a Class, Record or Container. Below is sample of a set of records. static void _Set(Args _args) {     CustTable       custTable;     Set             set = new Set(Types::Record);     SetEnumerator   setEnumerator;     ;     while select custTable     {         if (custTable && !         {             set.add(custTable);         }     }     if (!set.empty())     {         setEnumerator = set.getEnumerator();         setEnumerator.reset();         while (setEnumerator.moveNext())         {             custTable = setEnumerator.current();             info(strfmt("Customer: %1",custTable.AccountNum));         }     } } Common mistake when creating a set of recIds

Import document handling (attachment) files #MSDyn365FO

Out of the box you have limited data entities for migrating attachments. If you search what is already in the AOT, you will see a few various examples. I suggest you look at the LedgerJournalAttachmentsEntity as it is the simplest and cleans to copy from. I wont go into detail but I will give a quick run down of what it looks like. Use the DocuRefEntity as your main datasource. It does most of the work for you. Set your table you want to import for as the child datasource Add the Key You will need to add the postLoad method. There is minor code to update the virtual field FileContents. Below is an export I did for the general journal attachments. The import zip structure should be the same way. It will create the usual artifacts such as the excel, manifest and package header xml files. You will see a Resources folder under that. If you drill down to the resources you will see the attachments. This is an export and it used the document GUID for uniqueness. The other thing is the extensi