• Problem
It was possible to bypass the Record Level Security mechanism in Microsoft Axapta. A user group was not only able to view the records assigned to that group but was also able to create a new record in the table with a field value outside the allowed range.
Essentially, the Record Level Security functionality worked as a filter rather than as a real security feature.
• Solution
To provide a stronger record-level security check, manual user input in form fields is now validated against record-level security rules. Earlier, only the lookups were filtered. A field validation routine already exists in the Microsoft Axapta kernel; it checks the user's data for consistency. The routine has been modified so that it treats data that does not comply with record-level security rules as inconsistent.
Thus, after a field passes the usual consistency check in the field validation routine, an additional check is performed. The user’s data is accepted as valid only if it passes both validation checks.
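The difference between the two behaviours can be modelled in a few lines. This is an added illustration, not Axapta kernel or X++ code; the `Table` class, the `eu_only` rule and the sample rows are hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

Rule = Callable[[dict], bool]  # True when a record is inside the group's allowed range


@dataclass
class Table:
    field_types: dict  # field name -> expected type
    rows: list = field(default_factory=list)

    def consistent(self, rec: dict) -> bool:
        """Usual consistency check: expected fields, expected types."""
        return (rec.keys() == self.field_types.keys()
                and all(isinstance(rec[k], t) for k, t in self.field_types.items()))

    def select(self, rule: Rule) -> list:
        """Read path: the rule only filters what the group sees."""
        return [r for r in self.rows if rule(r)]

    def insert_filter_only(self, rec: dict, rule: Rule) -> bool:
        """Problem behaviour: the rule is never consulted on write."""
        if not self.consistent(rec):
            return False
        self.rows.append(rec)
        return True

    def insert_enforced(self, rec: dict, rule: Rule) -> bool:
        """Solution behaviour: consistency first, then the record-level rule."""
        if not self.consistent(rec) or not rule(rec):
            return False
        self.rows.append(rec)
        return True


def eu_only(rec: dict) -> bool:
    """Constructed rule: the group may only work with region 'EU'."""
    return rec["region"] == "EU"


def new_table() -> Table:
    """Constructed sample table with one in-range row."""
    return Table({"account": str, "region": str},
                 [{"account": "C-001", "region": "EU"}])

if __name__ == "__main__":
    out_of_range = {"account": "C-002", "region": "US"}  # constructed input
    t = new_table(); print(t.insert_filter_only(out_of_range, eu_only), len(t.rows))
    t = new_table(); print(t.insert_enforced(out_of_range, eu_only), len(t.rows))
```

In the filter-only case the out-of-range row is stored but never appears in the group's own `select`, so the write goes unnoticed by the user who made it.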