Code Example: SecurityUtil Class for Accessing Role and Object Permissions

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

This topic provides code examples that use the SecurityUtil class. You can use the SecurityUtil class to access security permissions information about roles and objects.

The following system classes are available for accessing information about role-based security settings:

• SecurityInferencePermissions Class

• SecurityPolicy Class

• SecurityRights Class

• SecurityTableRights Class

• SecurityUtil Class

Code Example 1: getRolePermissions

You give the SecurityUtil::getRolePermissions method a security role ID number, and receive a set of containers that describe all the security permissions that are associated with the role. The comment in the following code example documents the elements in each returned container.

    static void GSecUtil_getRolePermissions_Job2(Args _args)
    {
        container      conrOuter, conrInner;
        SecurityRole   xrecSecurityRole;
        str            sTemp3;
        str            sAccRight, sSecuTyp;
        SecurableType  secuTyp;
        AccessRight    accRight;
        int            ii = 0;
    
        select RecId from xrecSecurityRole
            where xrecSecurityRole.AotName == 'SystemUser';
       
        conrOuter = SecurityUtil::getRolePermissions
            (xrecSecurityRole.RecId);  // 495054 in our test.
        
        // The returned conrOuter holds numerous inner containers.
        // The format of each inner container is:
        //  1. NameOfObject
        //  2. ObjectType       // enum SecurableType
        //  3. ChildObjectName  // Such as a table field name, or a form control name.
        //  4. AccessRight      // enum AccessRight
        
        for (ii=1; ii<conLen(conrOuter); ii++)
        {
            conrInner = conPeek(conrOuter, ii);
            
            secuTyp  = conPeek(conrInner, 2);
            sSecuTyp = enum2str(secuTyp);
            
            accRight  = conPeek(conrInner, 4);
            sAccRight = enum2str(accRight);
            
            sTemp3 = con2Str(conrInner, "  ,  ");
            info("getRolePermissions:  " + sTemp3 + ".   (" + sSecuTyp + " / " + sAccRight + ")");
        }
            
        // The input parameters of method SecurityUtil::getRoleEffectiveAccess
        // are similar to the output container format 
        // of method SecurityUtil::getRolePermissions.
    }
    /*** Subset of the 600 lines shown in the Infolog window.
    *** The italicized row of data, which mentions 'AIFOPERATIONCONTEXT',
    *** is used as input in the next code example section:
    
    getRolePermissions:  WORKFLOWWORKITEMDELEGATIONPARAMETERS  ,  44  ,    ,  5.   (Table field / Full control)
    getRolePermissions:  WORKFLOWWORKITEMQUEUE  ,  44  ,    ,  1.   (Table field / View)
    getRolePermissions:  WORKFLOWWORKITEMQUEUEASSIGNEE  ,  44  ,    ,  1.   (Table field / View)
    getRolePermissions:  WORKFLOWWORKITEMQUEUEGROUP  ,  44  ,    ,  1.   (Table field / View)
    getRolePermissions:  WORKFLOWWORKITEMQUEUEGROUPRELATION  ,  44  ,    ,  1.   (Table field / View)
    getRolePermissions:  WORKFLOWWORKITEMTABLE  ,  44  ,    ,  2.   (Table field / Edit)
    getRolePermissions:  XREFTABLERELATION  ,  44  ,    ,  1.   (Table field / View)
    getRolePermissions:  AIFOPERATIONCONTEXT  ,  45  ,  GETSCHEMA  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFPORTMANAGER  ,  45  ,  GETSERVICESVERSIONID  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFRUNTIMECACHEMANAGER  ,  45  ,  CACHEENTRY  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFRUNTIMECACHEMANAGER  ,  45  ,  CACHINGENABLED  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFRUNTIMECACHEMANAGER  ,  45  ,  FLUSHCACHE  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFRUNTIMECACHEMANAGER  ,  45  ,  RETRIEVEENTRY  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFSCHEMAINFO  ,  45  ,  PARMSCHEMAXML  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFSCHEMAREPOSITORY  ,  45  ,  GETSHAREDTYPESSCHEMA  ,  5.   (Class method / Full control)
    getRolePermissions:  AIFUSERSESSIONSERVICE  ,  45  ,  APPLYTIMEZONE  ,  5.   (Class method / Full control)
    ***/

Code Example 2: getRoleEffectiveAccess

You give the SecurityUtil::getRoleEffectiveAccess method a role and a securable object, and receive a value of the AccessRight system enum that indicates the access rights that the role has to the object.

    static void GSecUtil_getRoleEffectiveAccess_Job3(Args _args)  // X++ job in AOT > Jobs.
    {
        AccessRight accRight;  // System enum.
        
        // This input data is from the italicized line in the previous example.
        //getRolePermissions:  AIFOPERATIONCONTEXT  ,  45  ,  GETSCHEMA  ,  5.   (Class method / Full control)
        //
        accRight = SecurityUtil::getRoleEffectiveAccess
            (495054,  // "SystemUser" in our test.
            "AIFOPERATIONCONTEXT",
            SecurableType::ClassMethod,  // 45
            "GETSCHEMA"
            );
        info(strFmt("AccessRight:  %1", accRight));
        
        // The input parameters of method SecurityUtil::getRoleEffectiveAccess
        // are partly similar to the output container format 
        // of method SecurityUtil::getRolePermissions.
    }
    /*** Pasted from Infolog:
    Message (12:58:54 pm)
    AccessRight:  Full control
    ***/

See also

Microsoft.Dynamics.AX.Framework.Services.Metadata.Enums.AccessRight

Set up user security in Microsoft Dynamics AX

Role-based Security in the AOT for Developers

Announcements: New book: "Inside Microsoft Dynamics AX 2012 R3" now available. Get your copy at the MS Press Store.