How to: Create a Filter Security
This walkthrough you will learn what needs to be set up in order to create a filter security so you can authorize users for rows in a table in Microsoft Dynamics 365 Business Central.
Story
Rental company RentCo wants to refine authorizations in Dynamics 365 Business Central to segregate duties . One of the focal points are the permissions to edit purchase documents: quote, order, invoice, credit memo, blanket order and return order. For quotes, orders, blanket and return orders only lines of the type empty (e.g. text), item and charge (item) are permitted, for invoices and credit memo's any type except fixed asset is allowed. All users are allowed to create and edit quotes, 10 users are allowed to create and edit purchase orders and only two users are allowed to user purchase invoices.
Purchase documents are stored in tables purchase header (id 38) and purchase line (id 39). However, default Business Central permits only authorization for the complete table, which means separate authorizations are not possible. RentCo really needs these separate authorizations and implements extension Compliance Field Security.
Prerequisite
- Extension Field Security is installed and setup is completed
- Setup of Field Security is done
Prepare for refining authorizations
Filter security splits up tables using filters on fields in the same table. Assignation of a part of a table is done through permission sets. Any permission set might be used, but for ease of administration and documentational purposes the use of clear names and descriptions is strongly recommended.
In the case of document types six permission sets are required, for each document type one.
- Option id is the place in the option list the document type is found;
- Document type is its textual name;
- Permission set is the name of the permission set we are going to create.
Split up table Purchase Header
Purchase documents consist mainly of two parts: the header and the lines. On the header information about the vendor, invoice and payment is stored. The contents of the document are defined in the lines, such as the number of items and the price. For a correct authorization of purchase documents you need two filter securities: one for each table.
First we configure splitting up table Purchase Header.
1. Choose the Search field in the top right corner and search for Filter Security List.
2. On the list of filter securities, click New. A new filter security window opens.
- The No. is filled automatically enter the field and leave it again.
- Fill the field Description with a comprehensible summary of the purpose of this filter security.
- Choose the table you want this filter security to apply to by clicking the AssistEdit button in the field Table ID. Alternatively, if you know the number you can enter it directly.
- Fill the lines: After selecting the table, you can enter filters on the lines.
3. Choose the field Document Type (id 1) to split the table in field Filter Field 1. You can also enter the field id.
4. The field Document Type is an option field. This means it only accepts predefined input. Enter 0 in the field Filter 1. If you leave the field, the page retrieves the document type: Quote. The options in default Business Central:
- 0 = Quote
- 1 = Order
- 2 = Invoice
- 3 = Credit memo
- 4 = Blanket Order
- 5 = Return Order.
5. Do this for every purchase document type: quote, order, invoice, credit memo, blanket order and return order.
6.Filter security only works when assigned to permission sets. Choose Assigned Permission Sets on the ribbon under Line. The page Permission Set per Filter Security opens.
7.Choose New. A new line is created.
8. Choose the AssistEdit button in the field Permission Set. The page Permission Sets opens.
9. To achieve the largest flexibility and security, you need to create a permission set per document type. Choose New in the ribbon on the page Permission sets.
10. The name of the new permission set should reflect that it authorizes a user to edit purchase quotes. Enter in the field Permission Set: PUR-QUOTE.
11. Fill the field Description: Maintain purchase quotes.
12. Choose Permissions in the ribbon with the new permission set selected. The permission page opens.
13. Create a new line with Permission
14. Confirm the selection by choosing OK.
15. Close the list Permission Set per Filter Security by choosing OK.
16. Notice the field No. of Assigned Permission Sets is updated.
17. Do this for any document type in the table Purchase Header. Create unique permission sets per document type for maximum flexibility and security.
- Note: the filter security needs to be invoked. It is only active if assgined to permission sets. It is if assigned:a user has permission set(s) which are assigned in the filter security AND
- a permission set with both insert, modify and optionally delete permissions assigned to the filter security. This means you need to assign permission sets with modify and insert to the relevant lines in the filter security.
18. The filter security is inactive until the Starting Date contains a date in the past or today. Furthermore, the filter security is inactive when the field End Date contains a date in the past.
19. The filter security is actually active after users log out from Business Central and log in again.
Split up table Purchase Line
Now that the purchase header is split up, we can do the same for the lines. Business Central supports creating several types of lines, by default ' ', which is used for text and empty lines, G/L Account, fixed assets and Charge (item). For RentCo we authorize on both the document type and line type, for which we need a second filter.
- Permission set is the name of the permission set we are going to create.
- Filter 1 - option id is the place in the option list the document type is found;
- Textual value is the readable version of the document type or line type;
- Filter 2 - option id is the place in the option list. | (pipe character) means OR: 0|2|5 means line type 0 OR 2 OR 5. This enables you to filter on multiple values.
1. If you already closed the list, open the Filter Security List again.
2. Create a new filter security by clicking New. The new filter security opens.
3. Enter a Description by which you know the purpose of this filter security.
4. Choose the table Purchase Line by clicking on the AssistEdit button of the field Table ID and confirm with OK. Alternatively, you can enter the object id 39.
5. Add the columns Filter Field 2 Caption, Filter Field 2 and Filter 2 to the page by clicking on the column head and choose Choose Columns.
6. Fill the lines based upon the table above.
- Just like for the table purchase header, we need to filter on the field Document Type. Open the Field List by choosing the AssitEdit button of the field Filter Field 1 and choose Type. Alternatively, enter the field id 1.
- For quotes, enter option id 0 in the field Filter 1. The textual values are retrieved.
- The second filter is on the line type. Open the Field List by choosing the AssitEdit button of the field Filter Field 2 and choose Type. Alternatively, enter the field id 5.
- For quotes, enter option id 0|2|5 in the field Filter 2. The textual values are retrieved.
- This is the filter on the lines of purchase quotes. Now we need to assign the permission set PUR-QUOTE to these filters. Select the line and choose Assigned Permission Sets on under Line on the ribbon. The page Permission Sets opens.
- You can filter on the name of the permission set and choose OK.
- Do this for every document type as described in the overview above. For unique assignation, every document type needs a separate line. Note that the same limitation applies as for table Purchase Header: the filter is for users with permissions in permission sets NOT attached to the filter security.
7. The filter security is inactive until the Starting Date contains a date in the past or today. Furthermore, the filter security is inactive when the field End Date contains a date in the past.
8. The filter security is actually active after users log out from Business Central and log in again.