Hi,
Greetings!!
A brief background - We are using custom security roles and policies (using XDS Framework) in this implementaion. We have created a security policy query on DimensionAttributeValueCombination table as shown below, it's a simple filter on LedgerDimensionType and DisplayValue (Please see the ranges in Screenshot 2)
Screenshot# 1 (Security Policy Query) :
Image may be NSFW.
Clik here to view.
Screenshot# 2 (Query Ranges/Filter):
Image may be NSFW.
Clik here to view.
Now, going one level up, to security Policy, Please see the below screenshots for the definition of our Security Policy and Constrained tables within it.
Screenshot# 3: (Security Policy)
Image may be NSFW.
Clik here to view.
Screenshot# 4: (Security Policy(Constrained Tables))
Image may be NSFW.
Clik here to view.
As you might have already seen in Screenshot# 3, the security policy is attached to ContextType RoleName and we have added a test user to that security role. So far, all good.
Now, when the user with the above security role logs in to AX and navigates to GL > Trial Balance, as expected the accounts are filtered based on the query ranges i.e. it brings all accounts which ends with -1-003 and -1-007 as expected. All good here.
But the trouble starts, when we go to forms like Free Text Invoices under AR, The user with the above role can create a new free text invoice header from AR > Free Text Invoices, but when they go to create an invoice line and select the main account from the drop down, the system just hangs, Also we have experienced similar issue when we try to select an account from GL > General Journal
Screenshot# 5: Free Text Invoice
Image may be NSFW.
Clik here to view.
I tried to debug and see the SQL query behind the scene via SQL Profiler and it tells me that the Security policy is in force and it's trying to do an insert into DimensionAttributeValueCombination table, but failing to do so because of the Security query, for testing purpose if i remove the security role from the user's login or try posting the free text invoice as a system admin, it works (because obviously the security policy is not in force)
Is there anything being done wrong above? I also tried disabling the security policy via code i.e. going to CustInvoiceform and using xds.SetXDSContext(0." ") to bypass the security, but this is not working. I also tried disabling the security policy in table methods before insert or validatewrite, but no results.
I checked the forums before posting here and found some interesting posts on XDS Framework, but haven't been answered fully. Like the one where we can have a dynamic query would be nice to have.
http://community.dynamics.com/ax/f/33/t/97472.aspx
https://community.dynamics.com/ax/f/33/t/100072.aspx
http://community.dynamics.com/ax/f/33/t/88603.aspx
Any recommendations or suggestions are welcome. TIA
Cheers,
Dilip