Sunday, 21 October 2018

Role based Security in AX

Dynamics AX 2012 (AX 6.0) introduces a new pattern for securing forms, tables and other elements, called role-based security (RBS).

In Microsoft Dynamics AX, role-based security is aligned with the structure of the business. Users are assigned to security roles based on their responsibilities in the organization and their participation in business processes. The administrator grants access to the duties that users in a role perform, not to the program elements that users must use.

                     


Let's take a look at the data model of the security framework.


| Table | Description | Mapping |
|---|---|---|
| SecurityRole | Contains the list of roles | AOT → Security → Roles |
| SecurityUserRole | Contains the user to role mappings | System Administration → Users → User |
| SecurityTask | Contains the list of duties and privileges | AOT → Security → Privileges/Duties |
| SecuritySubTask | Contains the duty to privilege mappings | AOT → Security → Duties → Privileges |
| SecurityRoleTaskGrant | Contains the list of role to duty mappings | AOT → Security → Roles → Duties |


Some Examples

///////////////// Code in X++ /////////////////////////////

SecurityRole            securityRole;
SecurityUserRole        securityUserRole;
SecurityTask            securityTask;
SecuritySubTask         securitySubTask;
SecurityRoleTaskGrant   securityRoleTaskGrant;

#define.SecurityRole('BudgetBudgetManager')
#define.SecurityTask('BudgetManagerRoleCenterView')

// 1. How to find the record ID of the privilege
select firstOnly RecId from securityTask
    where securityTask.AotName  == #SecurityTask
        && securityTask.Type    == SecurityTaskType::Privilege;

// 2. How to find the record ID of the specified security role when it is
//    assigned to the currently logged-in user
select firstOnly RecId from securityRole
    exists join securityUserRole
    where securityRole.RecId     == securityUserRole.SecurityRole
        && securityRole.AotName  == #SecurityRole
        && securityUserRole.User == curUserId();

// 3. How to find the duties containing the specified privilege (security duty).
//    A plain select fetches the first matching duty; use while select to visit all of them.
select SecurityTask from securitySubTask
    where securitySubTask.SecuritySubTask == securityTask.RecId;

// 4. How to check whether the privilege is directly associated with the role
select firstOnly RecId from securityRoleTaskGrant
    where securityRoleTaskGrant.SecurityTask  == securityTask.RecId
        && securityRoleTaskGrant.SecurityRole == securityRole.RecId;

// 5. How to check whether the privilege is associated with the role through a duty
select RecId from securityRoleTaskGrant
    exists join securitySubTask
    where securityRoleTaskGrant.SecurityTask == securitySubTask.SecurityTask
        // only duties that actually contain the privilege found in step 1
        && securitySubTask.SecuritySubTask == securityTask.RecId
        && securityRoleTaskGrant.SecurityRole == securityRole.RecId;
 ///////////////// Code in X++ /////////////////////////////
Getting the list of all users assigned to a role

static void RoleUSerID(Args _args)
{
    UserInfo            userInfo;
    SecurityUserRole    securityUserRole;
    SecurityRole        Roles;

    // Walk user -> user/role mapping -> role and print every user ID
    // that is assigned to the TradeSalesRepresentative role.
    while select userInfo
        join securityUserRole
            where securityUserRole.User == userInfo.Id
        join Roles
            where Roles.RecId == securityUserRole.SecurityRole
               && Roles.AotName == "TradeSalesRepresentative"
    {
        info(userInfo.Id);
    }
}
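As an added example (not code from the original post), the job below combines queries 4 and 5 with the user listing above into an access review: it reports every user who holds a given privilege and the role (and duty, where applicable) that grants it. The job name `AuditPrivilegeHolders` and the buffer names are hypothetical, and it follows only the direct and duty-based grant paths described in the table above.

```xpp
static void AuditPrivilegeHolders(Args _args)   // hypothetical job name
{
    SecurityTask            privilege, duty;
    SecuritySubTask         dutyPrivilege;
    SecurityRoleTaskGrant   grant;
    SecurityRole            role;
    SecurityUserRole        userRole;

    #define.PrivilegeName('BudgetManagerRoleCenterView')

    // Resolve the privilege by its AOT name (same lookup as query 1).
    select firstOnly RecId from privilege
        where privilege.AotName == #PrivilegeName
           && privilege.Type    == SecurityTaskType::Privilege;

    if (!privilege.RecId)
    {
        warning(strFmt("Privilege %1 not found", #PrivilegeName));
        return;
    }

    // Path 1: role -> privilege (direct grant, as in query 4).
    while select SecurityRole from grant
        where grant.SecurityTask == privilege.RecId
        join AotName from role
            where role.RecId == grant.SecurityRole
        join User from userRole
            where userRole.SecurityRole == role.RecId
    {
        info(strFmt("%1: role %2, direct grant", userRole.User, role.AotName));
    }

    // Path 2: role -> duty -> privilege (as in queries 3 and 5).
    while select SecurityTask from dutyPrivilege
        where dutyPrivilege.SecuritySubTask == privilege.RecId
        join AotName from duty
            where duty.RecId == dutyPrivilege.SecurityTask
        join SecurityRole from grant
            where grant.SecurityTask == duty.RecId
        join AotName from role
            where role.RecId == grant.SecurityRole
        join User from userRole
            where userRole.SecurityRole == role.RecId
    {
        info(strFmt("%1: role %2, duty %3", userRole.User, role.AotName, duty.AotName));
    }
}
```

A user who appears on several lines receives the privilege through more than one role or duty, which is worth knowing before removing a single assignment.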

1 comment:

  1. Hi,
    I have a similar requirement in AX D365 Finance and Operations.

    When I try to use this job in D365, I get that the below objects 'does not denote a class, table or EDT':
    securityTaskEntryPoint, SecurityRoleTaskGrant, SecurityEntryPointLink, SecurableObjects.

    Did you migrate this job to D365? Any idea how to do the same in D365?

    Please let me know.

    Thank you
