Extensible Data Security (XDS) Policy – Microsoft Dynamics AX 2012
What is XDS?
The Extensible Data Security (XDS) policy framework is a new Application Foundation feature in Microsoft Dynamics AX 2012 that secures data in addition to role-based security.
Dynamics AX administrators and developers can use security policies to block access to specific rows in a table. In the AOT, policies are found under the Security > Policies node.
XDS policy can be utilized for setting security privileges on the global address book.
Conceptual Model of XDS
Source: https://msdn.microsoft.com/en-us/library/hh272123.aspx
Data Security concepts
To use the XDS framework successfully, you need to be familiar with the basics and understand the following concepts.
Primary Table
A primary table is used to secure the data of the constrained table.
Constrained table
A constrained table is the table used in a given policy from which the data is filtered based on the policy query.
Policy Query
The policy query helps secure the data in the constrained table defined in a security policy. The query returns data from the primary table, which is then used to secure the data in the constrained table. The policy can be thought of as a WHERE clause in an SQL view or statement that specifies the records to be returned.
When you create the policy query, the Constrained table property of the Policy Query object can be set to Yes or No.
Constrained table property = Yes: the policy restricts the records that are returned from the primary table.
Constrained table property = No: the policy does not restrict the records that are returned from the primary table.
Context
Context is the most important concept: it defines the circumstances in which the XDS policy is applicable. You must define a context in order to use the policy. Keep in mind that you won't be able to use the policy, even if it is enabled, unless a context is defined.
Create and Implement XDS Policy
These are the basic high-level steps to create a policy:
Step 1: Creating the query on the primary table
Step 2: Creating the policy
Step 3: Adding the constrained tables and views
Step 4: Setting the context
Step 5: Enable policy
The steps in detail will be explained later.
Considerations while developing the Extensible Data Security
- Applying an XDS policy to a constrained table affects run-time performance. To limit the impact, use fewer joins.
- To achieve better performance and efficiency, use XDS constructs.
“Extensible Data Security (XDS) policies can create a run-time performance overhead if not used efficiently”
Using XDS constructs
Data can become complex. When the database is heavily normalized, queries can become too complex, with joins across too many tables. The longer the query and the more joins it has, the more time it takes to return the resulting data. This can become a serious performance issue.
What are XDS constructs
The Extensible Data Security constructs are temporary tables that are populated once for every client session to hold the static data that is most frequently required. This data can then be used in subsequent calls.
To avoid performance overhead, data that only needs to be retrieved once is kept in the temporary table for any subsequent calls, which saves the database hit. For example, suppose we need the departments of the logged-in user. This data is needed once and does not change during the current session.
How to use XDS constructs
The method XDS() is available to developers in Dynamics AX for writing the X++ logic that populates the required data in the temporary table. The XDS method has to be called the first time in the policy query, with the construct as the data source. After the temporary table is populated, subsequent policy queries use the temporary table.
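The WHERE-clause view of a policy query and the once-per-session construct described above can be modelled outside AX. This is an added example in Python with SQLite, not Dynamics AX or X++ code; every table, column and role name is hypothetical, the data is constructed, and the context is assumed to be a role name.

```python
import sqlite3

# Constructed sample data; all table and column names are hypothetical.
SCHEMA = """
CREATE TABLE UserDepartment (UserId TEXT, DeptId TEXT);  -- primary-table data
CREATE TABLE PurchOrder (OrderId TEXT, DeptId TEXT);     -- constrained table
INSERT INTO UserDepartment VALUES ('alice','SALES'),('alice','OPS'),('bob','HR');
INSERT INTO PurchOrder VALUES
  ('PO-1','SALES'),('PO-2','HR'),('PO-3','OPS'),('PO-4','FIN');
"""

class Session:
    """Models one client session for one logged-in user."""

    def __init__(self, db, user, roles):
        self.db, self.user, self.roles = db, user, set(roles)
        self.construct_ready = False
        self.populate_count = 0  # how many times the lookup actually ran

    def _populate_construct(self):
        # Stand-in for the construct's populate logic: fill a session-scoped
        # temporary table with the departments of the logged-in user.
        self.db.execute("CREATE TEMP TABLE MyDepartments (DeptId TEXT)")
        self.db.execute(
            "INSERT INTO MyDepartments "
            "SELECT DeptId FROM UserDepartment WHERE UserId = ?",
            (self.user,))
        self.construct_ready = True
        self.populate_count += 1

    def select_orders(self, policy_enabled=True, context_role="Buyer"):
        sql = "SELECT OrderId FROM PurchOrder"
        # The policy filters rows only when it is enabled AND its context
        # matches (assumption: context is a role held by the user).
        if policy_enabled and context_role in self.roles:
            if not self.construct_ready:
                self._populate_construct()  # first call in this session only
            # The policy acts like a WHERE clause on the constrained table.
            sql += " WHERE DeptId IN (SELECT DeptId FROM MyDepartments)"
        return [row[0] for row in self.db.execute(sql + " ORDER BY OrderId")]

def open_session(user, roles):
    # One in-memory connection per session, so the temp table is per session.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return Session(db, user, roles)
```

Repeated calls to `select_orders` in one session reuse `MyDepartments`, so the join against `UserDepartment` runs once rather than on every query.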
To be continued…