Managing Record-Level Security Dynamics Ax 2009
Record-level security builds on the restrictions enforced by user group
permissions. With user group permissions, you restrict which menus, forms, and
reports members of a group can access. Record-level security enables you to
restrict the information shown in reports and on forms.
Record-level security is commonly used in the following situations.
• Allow members of a Sales user group to see only the accounts they
• Prohibit financial data from appearing on forms or reports for a
specific user group.
• Prohibit account details or account IDs from appearing on forms and
reports for a specific user group.
• Restrict form and report data according to location or country/region.
Before You Begin
The process of setting record-level security involves selecting a database table in
the Record Level Security wizard. Tables store the data shown in reports and on
forms. You might find it helpful to work with a developer who has knowledge of
the database tables while configuring record-level security. The developer can
help you choose the table that directly corresponds to the report or form elements
to which you want to restrict access.
Also, verify the following before beginning:
• Does the user group that will be assigned record-level security
already exist or do you need to create a new user group?
• Does the user group have, at the very least, View permission for the
report or form? If, for example, a Finance user group does not have
any access permission for the General Ledger module, then it does
not make sense to assign record-level security to any report or form
in that module because the group cannot access those reports/forms
in the first place.
To Set Record-Level Security
Setting record-level security is a two-part process. The first part involves
selecting a user group and the appropriate database table using the Record Level
Security wizard. The second part involves creating a query that specifies the
fields and criteria to be applied when record-level security is enforced.
Record Level Security Wizard
This procedure shows you how to use the Record Level Security Wizard:
1. Click ADMINISTRATION → SETUP → SECURITY → RECORD LEVEL
2. Press CTRL + N to open the Record Level Security (RLS) wizard.
3. Select a user group and click Next.
4. Select a table. By default, the most frequently accessed database
tables are shown. Click Show all tables to expand the selection.
5. Click Finish.
Procedure − Set up a Query
This procedure shows you how to set up a query:
1. In the Record level security dialog box, select the user group and
click Query. The Inquiry dialog box appears. The Range tab shows
some of the common fields for the specified table. Your objective on
this tab is to specify the exact fields to be shown to the selected user
group on the report or form.
2. Select the first item listed on the Range tab. If no item is listed, press
CTRL + N.
3. Use the Field drop-down menu to select the field you want to show
on the form or report.
4. Use the Criteria drop-down menu to select the criteria for the
designated field. If no drop-down menu appears, enter the designated
5. As necessary, press CTRL + N to add additional fields and criteria.
6. Click OK.
7. Inform members of the selected user group that they must close their
current client sessions and start a new session. If necessary, end
active sessions from the Online users form.
8. Verify that record-level security is enforced on the desired report or
form by logging on to Microsoft Dynamics AX as a member of the
specified user group. You should see only the information specified
in the query for the designated criteria. If you see additional
information, verify your query.
Microsoft Gold Partner / Dynamics AX