To ensure that TestUser cannot access secure data, you must modify the code in the General Ledger forms.
This topic explains how to edit the code on these forms.
To add code to support security filters on forms
Log on to the database as an administrator and open the G/L Balance by Dimension window.
Click CTRL+F2 to open the form in Form Designer.
Click View, and then click C/AL Globals to open the C/AL Globals window.
This window contains a global variable called
GLAccthat refers to the G/L Account table.
Click View, and then click C/AL Code to open the C/AL Editor and see the code that the form contains.
The first line of code in the OnOpenForm trigger is:
This ensures that any security filters that have been set up for the current user are applied to this global variable in the code. However, the matrix form here contains functionality that allows you to change the filters that are used on the data. This means that the filters are cleared and reset. Furthermore, the C/AL language contains a function called
RESETthat is used to clear any filters that are set so that new filters can be set.
With this in mind, it might be a good idea to see if the code in the G/L Balance by Dimension form uses the
Use the Find window to locate all the places where the
RESETfunction is called. It occurs in two places—in the
SetCommonFiltersfunction and in the
CalcAmountfunction. Both of these are user-defined functions.
Look at the local variables that have been declared for these functions.
SetCommonFilterfunction contains a parameter that calls the G/L Account table by reference.
Look at the code in these functions. In the
CalcAmountfunction, after the code calls the
RESETfunction on the
GLAcc globalvariable, it calls the
SetCommonFiltersfunction. All of this suggests that the instance of the
RESETfunction that is most relevant is the one that occurs in the
Enter the following code immediately after the
RESETfunction in the
Close, save, and compile the form.
Log on to the database again as TestUser and open the G/L Balance by Dimension window. Remember to select Department in the Show as Lines field.
The form no longer displays data that belongs to the other departments.
You have now successfully implemented record level security for posting and ensured that the user only has read access to the data specified by their security filters.