AX-2012 - Record Level Security for Transfer order screen
In
this article we will cover Record Level Security. We will learn how to implement record level security on Transfer Order Screen by following the step-by-step walk-through.
Scenario:-
As part of this tutorial, Consider that we need to set restriction on shipping and receiving Transfer order, as each warehouse has a responsible user and only this user should be able ship and receive goods on his owned warehouse.
We will set a restriction on transfer order screen so each user can view only TOs which is related to there warehouse, and set restriction on shipment and receiving so user can only ship from there warehouse or receive on there warehouse.
Solution:-
For each warehouse create a new role and for each role create two security policy, One to set restriction on Transfer order view and another one to control the ability of shipping and receiving on TO.
For ex the user is responsible for warehouse 31.
Steps:-
1-Create a new Role Named "Site31", user with these role will be able to view TOs From/To warehouse "Site31" and also ship TO from warehouse "Site31" and receive To on warehouse "Site31".
2-Create two Security policy and two query to handle the restriction on transfer order screen.
3-Create a Query named "Site31view" and add "invent Transfer Table" as data source, this query will be used to view only TOs that is belong to user warehouse.
4-Add Range on the data source to select TOs that are from/to user warehouse as below
5-Create a new security policy named "Site31View" and assign query "Site31view" on it
As below :-
Primary table: invent transfer table Query: Site31view
Constrained table: yes Enabled: yes
Operation: select RoleName: Site31
6-Create second Query named "Site31CRUD" and add "invent Transfer Table" as data source, this query will be used to set restriction on shipment and receiving so user can only ship from there warehouse [Site31] or receive To there warehouse [Site31].
These query will be validate by the system whenever a TO is updated or inserted.
7-Add Range on the data source as below :-
So user can update TO when TO is from warehouse "31" with status "Created" or To warehouse "31" with status shipped.
These ranges will allow user with role "site31" to ship TOs from there warehouses [site31], and receive TOs to there warehouses [site31].
Note:-When add the range on query the expression range may be too large to be inserted as the range has limit length,you can split the expression on two ranges but take care that these two ranges should be on the same field if you want to concatenate between them with "OR" clauses If they are different field the expression will be "AND" clauses.
8-Create a security policy for CRUD operation and set property as below:-
Primary table: invent transfer table Query: Site31_CRUD
Enabled: yes Operation: insert, update and delete
Role: Site31
9-Go to System Administration >> Users >> select any user >> Click on Assign roles and Assign Role "Site31" on the user.
Now , let us log in with the user credentials for which we have assigned the new Role and verify that user can only view TOs From/To his owned warehouse and ship Transfer order screen from his warehouse and receive TOs to his warehouse.