Skip to main content

Filter customers by dimension using security policy [AX 2012]

I will start backward. Show what the result is and then will go into what I did to achieve this.

Lets say you want to filter the customer records based on the department dimensions that are assigned to the user logged in. This might include restricting the sales orders too based on those customers.




Create a new Organization hierarchy with the Security purpose assigned.


Edit the hierarchy and add the departments you plan on using.


Create a new security role and assigned organizations by specifically granting access to the departments.



Now for the technical aspects of this. I used security policies to achieve this result.

  • xds temp table which I have a the code to build (explode) the departments into the temp table.
  • Query which joins the customer table to the dimension tables so we can specifically get the Department dimension
  • Class created a method to retrieve the Department dimension attribute recId
  • New role which is a main driver of the roles and linked that to the policy
  • The policy with the main table and constrained tables


If you are using a different dimension. Make sure the change the dimension name that is coded here. This method is being used in the query range.



A few things to note:

  • When the user creates a customer – it disappears from view as the dimension is blank initially. You have the option of extending the query to show blank dimensions or another user that has full access creates the customer or you somehow default the dimension (by code).
  • There is a whitepaper that explains in detail how to restrict the user to the dimensions. Then in the later section explains how to use the these types of queries. Instead of using the workers position and assigned departments – I chose to do it in a simpler way using the users security role.


Must read Whitepaper: Securing Data by Dimension Value by Using Extensible Data Security (XDS)

Above example as an XPO to download

Popular posts from this blog

AX - How to use Map and MapEnumerator

Similar to Set class, Map class allows you to associate one value (the key) with another value. Both the key and value can be any valid X++ type, including objects. The types of the key and the value are specified in the declaration of the map. The way in which maps are implemented means that access to the values is very fast. Below is a sample code that sets and retrieves values from a map. static void checkItemNameAliasDuplicate(Args _args) { inventTable inventTable; Map map; MapEnumerator mapEnumerator; NameAlias nameAlias; int counter = 0; ; map = new Map(Types::String, Types::Integer); //store into map while select inventTable { nameAlias = inventTable.NameAlias; if (!map.exists(nameAlias)) { map.insert(nameAlias, 1); } else { map.insert(nameAlias, map.lookup(nameAlias) + 1); } } //retrieve fro

AX - How to use Set and SetEnumerator

The Set class is used for the storage and retrieval of data from a collection in which the values of the elements contained are unique and serve as the key values according to which the data is automatically ordered. You can create a set of primitive data types or complex data types such as a Class, Record or Container. Below is sample of a set of records. static void _Set(Args _args) {     CustTable       custTable;     Set             set = new Set(Types::Record);     SetEnumerator   setEnumerator;     ;     while select custTable     {         if (custTable && !         {             set.add(custTable);         }     }     if (!set.empty())     {         setEnumerator = set.getEnumerator();         setEnumerator.reset();         while (setEnumerator.moveNext())         {             custTable = setEnumerator.current();             info(strfmt("Customer: %1",custTable.AccountNum));         }     } } Common mistake when creating a set of recIds

Approve Workflow via email using template placeholders #Dyn365FO

Dynamics 365 for Finance and Operations has placeholders which can be inserted into the instructions. Normally you would want this to show up in the email that is sent. One of the most useful ones is the URL link to the exact record that you are approving. In the workflow configurations use the placeholder and build up your message. Towards the end it has workflow specific ones. The URL token is %Workflow.Link to web% . For the technical people the token is replaced in this class WorkflowDocumentField. This is what I inserted into my email template. <BODY> subject: %subject% <BR> message: %message% <BR> company: %company% <BR> for: %for% <BR> </BODY> Should look like this. The final result looks like this. If you debug these are the place holders that are put together.