Share via


Query Service Security

Important

This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.

Applies To: Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

There are two types of security to consider when you work with the Microsoft Dynamics AX query service:

  • Access security – who can access the query service

  • Data security – what data can a user access by using the query service

Access Security

Only authenticated Microsoft Dynamics AX users can access the query service. In order to retrieve data by using the query service, you must have a valid username in Microsoft Dynamics AX. The query service uses Windows integrated security. Therefore, when a caller invokes the query service, the system verifies the credentials under which the calling client is running and verifies that the username is a valid Microsoft Dynamics AX user.

The query service is always available and any authenticated Microsoft Dynamics AX user can access the service.

Data Security

The data that a calling user can access by using the query service depends on what roles the user is a member of. The query service respects any record-level or field-level security that is implemented for the calling user.

The user’s security access determines the query behavior or the data that is returned for a user as shown in the following table.

Security Condition

Result

User does not have access to one or more tables accessed by a query data source.

The query will fail with an error that indicates that access is denied.

User does not have access to a field returned by a query data source.

The field is returned in the dataset but the field value is DbNull.

For more information about data that the AOS withholds from the current user, see Finding All Fields the AOS can Trim.

User does not have access to a field that is used in a query data source relation (join), order by, group by, data source range, or query filter.

The query will fail with an error that indicates that access is denied.

See also

Query Service