Advanced Cloud Security + Compliance

Compliance Setup

Field-level compliance lets you define rules for specific fields on a table (for example, the Item table) and then:

  • Show a Compliance Status section on card and/or list pages

  • Evaluate whether each record is Compliant / Not compliant

  • Block actions (entering an item number, releasing documents, posting, etc.) when the related record is not compliant

  • Optionally require a human approval step before changes become compliant

This setup is done in two phases:

  1. Build phase (one-time per table/page binding): choose the table, UI placement, fields, and where to block usage → then generate and deploy a companion extension.

  2. Rule phase (ongoing): define and refine field checks/expressions and (optionally) approval rules → no rebuild required.

Prerequisites and recommended approach

  • Install Advanced Cloud Security in a sandbox for initial setup and testing.

  • Decide which table you want compliance on (this guide uses Item).

  • Decide where you want compliance UI to appear:

    • Card page (e.g., Item Card page 30)

    • List page (e.g., Item List page 31)

  • Decide where compliance should block standard Business Central functionality (examples in this guide):

    • Stop entering non-compliant items in Item Journal

    • Stop entering non-compliant items on Sales Lines

    • Stop releasing Sales Orders that contain non-compliant items

Recommended: Build in sandbox, then install the generated .app in production and move setup via a configuration package.

Build phase — enable compliance on a table

Before you can enable compliance you must ensure that you have completed the Setup process and downloaded Symbols, check here to see how.

Step 1 — Add a Compliance Table

  1. Open Advanced Cloud Security.

  2. Go to Compliance Tables.

  3. Choose New.

  4. Select the table you want (example: Item).

  5. (Optional) If you use multiple companies, choose which companies this applies to.

  6. Set Compliance Active = On.

Step 2 — Place compliance UI on pages

You can place compliance fields on a card, a list, or both.

Card page placement

  1. In the compliance table setup, select Card Page.

  2. Choose Item Card (30).

  3. Choose an Add after section (example: after the Item section).

List page placement

  1. Select List Page.

  2. Choose Item List (31).

  3. Choose an Add after field (example: after Description).

At this point you’ve defined where compliance exists for the table and pages.

Build phase — choose fields to govern

Step 3 — Select compliance fields

  1. From your compliance table entry, open Fields.

  2. Select the fields that should be governed by compliance rules.

Example fields on Item:

  • Description

  • Base Unit of Measure

  • Inventory Posting Group

  • Unit Cost

  • Unit Price

Optional — Show “required” indicator (red asterisk)

For fields you want to visually highlight, enable the red asterisk indicator (example: Description and Base Unit of Measure).
This signals “this field is part of compliance” to users.

Build phase — block usage when not compliant

You can stop downstream processes from using non-compliant records in two ways:

Option A — Field Events (directly tied to specific fields)

Use this when there is a clear, direct field link to your table.

  1. Open Field Events.

  2. Find fields in the system that reference your table (example: Item No. on Item Journal Line).

  3. Add the field event so users can’t select/use a non-compliant item in that context.

Example outcome: Item Journal cannot use an Item that is not compliant.

Option B — Events (for complex “Number” fields and broader triggers)

Some places (like Sales Line No.) can reference multiple types (Item, G/L, Resource, etc.), so they may not appear as straightforward field events. Use Events instead.

  1. Open Events.

  2. Add a new subscriber/check.

  3. Choose an event that triggers when an Item is applied/validated.

Examples:

  • Block entering an Item on sales documents by using an event that fires when the line copies from the Item (e.g., “after copy from item”).

  • Block releasing Sales Orders by subscribing to an event in the release process (example: in codeunit 414 around sales line checks / release validations).

Tip: Event selection can be technical. If you’re unsure which event is best, involve your partner/technical consultant.

Build phase — generate and deploy the compliance extension

Step 4 — Create Extension

When you choose Create Extension, Advanced Cloud Security will:

  • Generate a new extension that includes all compliance bindings you selected (and security bindings if configured)

  • Compile it into an .app

  • Download the .app

  • Install it into your sandbox

After deployment:

  • Item Card will show a new section like Compliance Status

  • Item List will show a Compliant field/column

Important: Nothing is compliant yet until you define checks.

 

Setup and Rule phase — add field checks and expressions

Now you define what “compliant” means for each selected field.

Step 5 — Add checks per field

  1. Go back to Advanced Cloud Security → your table → Fields.

  2. Select a field.

  3. Add a Field Check:

    • Give it an ID (example: 1)

    • Choose the check type:

      • Not blank

      • Expression

Examples from the Item setup

Description

  • Check: Not blank

Base Unit of Measure

  • Check: Expression

  • Example expression: = 'PCS' (or your chosen code)

  • Use Verify to confirm the expression is valid.

Inventory Posting Group

  • Check: Not blank

Unit Cost

  • Check: Expression

  • Example: > 100

  • Verify the expression.

Unit Price

  • Check: Expression

  • Example: > ("Unit Cost" * 1.2) (pricing must exceed cost by your required margin)

  • Verify the expression.

Good to know

  • You can adjust checks later without rebuilding the extension.

  • There’s a built-in cheat sheet/help for what you can type in expressions.

 

Using compliance in the Item Card and Compliance Overview

What users see on records

  • A Compliance Status section on the Item Card

  • The Compliant indicator on the Item List

Compliance Overview (record-level breakdown)

From an Item:

  1. Choose RelatedCompliance Overview.

  2. Review which fields are compliant and which are failing.

  3. See a change log for compliance-related fields (who changed what and when).

Example behavior

  • If Unit Cost or Unit Price fails, the item becomes Not compliant.

  • Fixing the fields so all checks pass returns the item to Compliant.

  • Changing a value later can immediately make it Not compliant again.

 

What happens when a record is not compliant

If you configured Field Events / Events to block usage, users will see errors such as:

  • In Item Journal: You cannot use [Item] — not compliant

  • On Sales Orders: You cannot use this item as it’s not compliant

  • When releasing a Sales Order: Cannot release because it contains an item that is not compliant

This is how you prevent non-compliant master data from being used in transactions.

 

Add approvals (human in the loop)

Approvals let you require sign-off before a record becomes (or remains) compliant.

Step 6 — Define approvers

  1. Go to the approval/approver setup in Advanced Cloud Security.

  2. Add the person (or define a group) who can approve compliance changes.

Step 7 — Create an Approval Rule

  1. Create a new Approval Rule (example name: Item approvals).

  2. Choose who approves:

    • Specific person or Group

  3. Choose how changes behave:

    • Direct

      • The change is written immediately.

      • The record may become not compliant until approved.

    • Store for approval

      • The change is stored as part of the approval request.

      • The record keeps the old value and can remain compliant until approved.

      • Once approved, the stored value is applied.

Step 8 — Apply the approval rule to a table

  1. Apply the rule to Item (or your chosen table).

  2. Choose when the approval triggers:

    • After checks failed

    • After checks passed

    • Both

Common pattern: trigger After checks passed, so the data must satisfy rules first, then gets final sign-off.

Approving compliance requests

What users see

When a record requires approval:

  • The record may show Awaiting approval

  • The compliance view indicates fields are compliant, but the record is pending approval

How an approver works the queue

  1. Open Compliance Requests (or the compliance request list).

  2. Select the request.

  3. Review the change history/details.

  4. Choose Approve (or reject if applicable).

After approval:

  • The record returns to Compliant (assuming all checks pass).

Notifications

Approvers can receive email notifications in batches (for example, once per hour or every 10 minutes) to avoid spam.

 

Monitoring and initialization

Compliance status list (table summary)

There’s a summary view per table showing counts such as:

  • How many records are compliant

  • How many are not compliant

  • How many requests are awaiting you (the current user)

Initialization

There is an initialization function that can mark existing records as compliant as a starting point, then enforce compliance going forward (useful when adopting the app midstream).