Dynamics F/SCM
Dynamics F/SCM
Organizer:
- JOSE Organized by
-
-
Sensitive Bank Account Duties not working as expected
-
Sensitive Bank Account Duties not working as expected
-
We need to restrict the visibility of customer and vendor bank account numbers from some users.Ā I am attempting to use the following duties:View sensitive customer bank information
View sensitive vendor bank informationI’ve created new roles for users that need to see other customer and vendor data but have specifically excluded these duties, however the users in question are still able to see the bank accounts on the customer and vendor main screen under the payment fasttab and in the bank account menu item.Ā Browsing the roles with these duties in the security configuration, I am fairly certain that the users are not getting this access through another role.
Can anyone help me with how to do this?Ā Also, what should the desired outcome look like?Ā Blank field, masked field, hidden field?
I’ve had success setting up a deny permission on the Federal Tax ID field, but would prefer to use the out of the box duties.
——————————
Mark Schurmann
Accounting Systems Manager
Automobile Protection Corp
Norcross GA
—————————— -
AssigningĀ view privilege does not mean you/users are not going to see those vendor or customer at all.Ā With view privilege you can still see the screen but wont be able to edit anything on that screen. If youĀ dont want user to see anything on this form then dont give them access.
What roles are assigned to those users who sees these form even after excluding these privileges ? Are those custom role or standard role ?
——————————
Sukrut Parab
Hitachi Solutions America, Ltd.
Irvine
——————————
——————————————- -
Microsoft went out of their way to setup duties around “sensitive” data.Ā The customer bank account number is displayed on the main customer screen on the payment tab.Ā I expect that the customer bank account number is “sensitive” data and only users that have been granted this duty would be able to see it.Ā We have many users that need to access and edit the customer screen.Ā Only a select few should be able to see or edit the customer bank account.Ā What does this duty do if it is not to restrict access to other users?
——————————
Mark Schurmann
Accounting Systems Manager
Automobile Protection Corp
Norcross GA
——————————
——————————————- -
I just checked dutyĀ View sensitive customer bank information and it used privilegeĀ CustBankAccountsTPFView which has read access given toĀ 3 fields , which is going toĀ show these fields to users.Ā
——————————
Sukrut Parab
Hitachi Solutions America, Ltd.
Irvine
——————————
——————————————- -
They are custom roles and do not have the sensitive data duties assigned.
——————————
Mark Schurmann
Accounting Systems Manager
Automobile Protection Corp
Norcross GA
——————————
——————————————- -
Hi Mark,
The standard duties and privileges do have access to all fields on the customer and customer bank account tables. You have to create privileges or override table permissions on the role itself to restrict access to the sensitive fields to persons who are not allowed to see them.Ā
If you created a new privilege yourself, then also the fields are initially visible, unless you override table permissions.——————————
kind regards,AndrƩ Arnaud de Calavon
Solution Architect, Microsoft MVP – Microsoft Dynamics Business Solutions
——————————
——————————————- -
Sorry, I’m still confused.Ā The “Sensitive” data duties are standard.Ā If all of the roles, standard or custom, have access to the fields underlying the “Sensitive” data, what is the purpose of the “Sensitive” data duties?
——————————
Mark Schurmann
Accounting Systems Manager
Automobile Protection Corp
Norcross GA
——————————
——————————————- -
Hi Mark,
I can understand your confusion. In my opinion it would make sense to have standard duties which initially don’t have access to sensitive fields. Other duties can complement then. When you create new privileges yourself, then initially, you don’t have access to fields marked as sensitive using the Table Permissions Framework. You do have access to e.g. the default bank account field on the customer and vendor master. (This to clarify the confusion if you read my previous reply and combine it with this new reply).Ā
In the case, you have your own privilege without access the sensitive fields, you can add the privilege or duty granting this access.If you now look at the current implementation of ‘Not set’ and ‘Deny’, then there is a gap preventing Microsoft and ISV’s to deliver your requirement out of the box. If you grant e.g. view access on a bank account number, you also have to deny update access to prevent making updates. The combination of ‘View’ set to grant and ‘Update’ to deny is not possible within Visual Studio. If you have a deny somewhere it has priority above granting a certain permission.Ā Ā
I do think for this reason, it is currently up to an implementation how to configure the security.——————————
kind regards,AndrƩ Arnaud de Calavon
Solution Architect, Microsoft MVP – Microsoft Dynamics Business Solutions
——————————
——————————————-
-
-
0 Replies
Sorry, there were no replies found.
The discussion ‘Sensitive Bank Account Duties not working as expected’ is closed to new replies.
