Translate

Sunday, May 10, 2015

List of duties and privileges under a Role

Hi,

Use the below job to get list of duties and privileges under one or more roles.

static void getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
    str                             fileName = @"C:\Users\[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv";

    CommaTextIo                     commaTextIo;
    FileIOPermission                permission;

    SecurityTaskEntryPoint  taskEntryPoint;
    SecurityRole            role;
    SecurityRoleTaskGrant   taskGrant;
    SecuritySubTask         subTask;
    SecurityTask            privilege;
    SecurityTask            securityTask;
    SecurableObject         securableObject;
    DictEnum                dictEnum;
    str privAOTName;
    str dutyAOTName;
    str privName;
    str dutyName;
    str entrName;
    str accessLevel;
    str menuItemType;

    FromTime                    startTime = timeNow();

    #File
    ;

    permission = new FileIOPermission(fileName,#io_write);
    permission.assert();
    commaTextIo = new CommaTextIo(fileName,#io_write);

    //Header
    commaTextIo.write(
        "Role AOT name",
        "Description",
        "Duty AOT name",
        "Description",
        "Privilidge AOT name",
        "Description",
        "Entry point",
        "Type",
        "Access level");

    while select taskEntryPoint
    join subTask
        where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
    join taskGrant
        where taskGrant.SecurityTask == subTask.SecurityTask
    join role
        where role.RecId == taskGrant.SecurityRole
        //&&  role.AotName like 'Sales*'
        //|| role.AotName like 'System*'
    {
        menuItemType    = "";
        dutyAOTName     = "";
        dutyName        = "";
        privAOTName     = "";
        privName        = "";
         if (subTask.RecId)
        {
            switch (taskEntryPoint.PermissionGroup)
            {
                case AccessRight::View:
                    accessLevel = "Read";
                    break;
                case AccessRight::Edit:
                    accessLevel = "Update";
                    break;
                case AccessRight::Add:
                    accessLevel = "Create";
                    break;
                case AccessRight::Delete:
                    accessLevel = "Delete";
                    break;
                default:
                    accessLevel = "";
                    break;
            }
        }

        select privilege
            where privilege.RecId == taskGrant.SecurityTask
            && SecurityTaskType::Duty == privilege.Type;

        dutyAOTName = privilege.AotName;
        dutyName = privilege.Name;

        select privilege
            where privilege.RecId == subTask.SecuritySubTask
            && SecurityTaskType::Privilege == privilege.Type;

        privAOTName = privilege.AotName;
        privName = privilege.Name;

        select RecId, Type, Name from securableObject
        where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
            || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

        dictEnum = new DictEnum(enumNum(MenuItemType));
        menuItemType = dictEnum.index2Name(securableObject.Type);

        commaTextIo.write(role.AotName,
                            role.Name,
                            dutyAOTName,
                            dutyName,
                            privAOTName,
                            privName,
                            securableObject.Name,
                            menuItemType,
                            accessLevel);
        }
    //sometimes a role has a privielge direclty assigned instead of a duty. So this code is for those privileges.
    //In this case duty will not exist.
    while select SecurityTask, SecurityRole from taskGrant
        join RecId, Type, AOTName from securitytask where securityTask.RecId == taskGrant.SecurityTask
                && taskGrant.SecurityRole == taskGrant.SecurityRole && securitytask.Type == SecurityTaskType::Privilege
        join securityTask, EntryPoint from taskEntryPoint where taskEntryPoint.SecurityTask == securitytask.RecId

        {
            menuItemType    = "";
            dutyAOTName     = "";
            dutyName        = "";
            privAOTName     = "";
            privName        = "";

            select RecId, Type, Name from securableObject
                where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
                    || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

            if(securableObject)
            {
                select privilege
                    where privilege.RecId == securityTask.RecId
                    && SecurityTaskType::Privilege == privilege.Type;

                privAOTName = privilege.AotName;
                privName = privilege.Name;

                dictEnum = new DictEnum(enumNum(MenuItemType));
                menuItemType = dictEnum.index2Name(securableObject.Type);

                commaTextIo.write(role.AotName,
                        role.Name,
                        dutyAOTName,
                        dutyName,
                        privAOTName,
                        privName,
                        securableObject.Name,
                        menuItemType,
                        accessLevel);
            }
    }
    CodeAccessPermission::revertAssert();
    info(strFmt("Total time: %1", timeConsumed(startTime, timeNow())));
}


2 comments:

  1. Wonderful post! Youve made some very astute observations and I am thankful for the the effort you have put into your writing. Its clear that you know what you are talking about. I am looking forward to reading more of your sites content.
    Microsoft Dynamics AX Training | VMware Virtualization Online Training

    ReplyDelete
  2. Thanks for the great post. Needed it badly. I want to learn more about Dynamics AX, could you provide some source.

    ReplyDelete

Recent Posts