Translate

Sunday, May 10, 2015

List of duties and privileges under a Role

Hi,

Use the below job to get list of duties and privileges under one or more roles.

static void getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
    str                             fileName = @"C:\Users\[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv";

    CommaTextIo                     commaTextIo;
    FileIOPermission                permission;

    SecurityTaskEntryPoint  taskEntryPoint;
    SecurityRole            role;
    SecurityRoleTaskGrant   taskGrant;
    SecuritySubTask         subTask;
    SecurityTask            privilege;
    SecurityTask            securityTask;
    SecurableObject         securableObject;
    DictEnum                dictEnum;
    str privAOTName;
    str dutyAOTName;
    str privName;
    str dutyName;
    str entrName;
    str accessLevel;
    str menuItemType;

    FromTime                    startTime = timeNow();

    #File
    ;

    permission = new FileIOPermission(fileName,#io_write);
    permission.assert();
    commaTextIo = new CommaTextIo(fileName,#io_write);

    //Header
    commaTextIo.write(
        "Role AOT name",
        "Description",
        "Duty AOT name",
        "Description",
        "Privilidge AOT name",
        "Description",
        "Entry point",
        "Type",
        "Access level");

    while select taskEntryPoint
    join subTask
        where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
    join taskGrant
        where taskGrant.SecurityTask == subTask.SecurityTask
    join role
        where role.RecId == taskGrant.SecurityRole
        //&&  role.AotName like 'Sales*'
        //|| role.AotName like 'System*'
    {
        menuItemType    = "";
        dutyAOTName     = "";
        dutyName        = "";
        privAOTName     = "";
        privName        = "";
         if (subTask.RecId)
        {
            switch (taskEntryPoint.PermissionGroup)
            {
                case AccessRight::View:
                    accessLevel = "Read";
                    break;
                case AccessRight::Edit:
                    accessLevel = "Update";
                    break;
                case AccessRight::Add:
                    accessLevel = "Create";
                    break;
                case AccessRight::Delete:
                    accessLevel = "Delete";
                    break;
                default:
                    accessLevel = "";
                    break;
            }
        }

        select privilege
            where privilege.RecId == taskGrant.SecurityTask
            && SecurityTaskType::Duty == privilege.Type;

        dutyAOTName = privilege.AotName;
        dutyName = privilege.Name;

        select privilege
            where privilege.RecId == subTask.SecuritySubTask
            && SecurityTaskType::Privilege == privilege.Type;

        privAOTName = privilege.AotName;
        privName = privilege.Name;

        select RecId, Type, Name from securableObject
        where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
            || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

        dictEnum = new DictEnum(enumNum(MenuItemType));
        menuItemType = dictEnum.index2Name(securableObject.Type);

        commaTextIo.write(role.AotName,
                            role.Name,
                            dutyAOTName,
                            dutyName,
                            privAOTName,
                            privName,
                            securableObject.Name,
                            menuItemType,
                            accessLevel);
        }
    //sometimes a role has a privielge direclty assigned instead of a duty. So this code is for those privileges.
    //In this case duty will not exist.
    while select SecurityTask, SecurityRole from taskGrant
        join RecId, Type, AOTName from securitytask where securityTask.RecId == taskGrant.SecurityTask
                && taskGrant.SecurityRole == taskGrant.SecurityRole && securitytask.Type == SecurityTaskType::Privilege
        join securityTask, EntryPoint from taskEntryPoint where taskEntryPoint.SecurityTask == securitytask.RecId

        {
            menuItemType    = "";
            dutyAOTName     = "";
            dutyName        = "";
            privAOTName     = "";
            privName        = "";

            select RecId, Type, Name from securableObject
                where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
                    || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

            if(securableObject)
            {
                select privilege
                    where privilege.RecId == securityTask.RecId
                    && SecurityTaskType::Privilege == privilege.Type;

                privAOTName = privilege.AotName;
                privName = privilege.Name;

                dictEnum = new DictEnum(enumNum(MenuItemType));
                menuItemType = dictEnum.index2Name(securableObject.Type);

                commaTextIo.write(role.AotName,
                        role.Name,
                        dutyAOTName,
                        dutyName,
                        privAOTName,
                        privName,
                        securableObject.Name,
                        menuItemType,
                        accessLevel);
            }
    }
    CodeAccessPermission::revertAssert();
    info(strFmt("Total time: %1", timeConsumed(startTime, timeNow())));
}


6 comments:

  1. Wonderful post! Youve made some very astute observations and I am thankful for the the effort you have put into your writing. Its clear that you know what you are talking about. I am looking forward to reading more of your sites content.
    Microsoft Dynamics AX Training | VMware Virtualization Online Training

    ReplyDelete
  2. Thanks for the great post. Needed it badly. I want to learn more about Dynamics AX, could you provide some source.

    ReplyDelete
  3. Informative blog and it was up to the point describing the information very effectively. Thanks to blog author for wonderful and informative post...
    Microsoft Dynamics AX Online Training

    ReplyDelete
  4. I am so happy today because God has done it for me after going through hard times with other loan lenders and nothing works out, I was about loosing my faith and hope but I still have to stand strong and pursue what am looking for. I am happy today because God has directed me to the best Loan Company and I didn't regret anything after contacting them and my heart desire was granted and I was given the said amount I requested for (300,000.00 USD), the money was paid into my account after two weeks of talking with the company and they didn't stress me or give me any headache in getting this loan from them, others of my family members and friends I directed to them all got their loan too, I would love you to contact  247officedept@gmail.com / whatsapp +1-989-394-3740.  .     and get your loan quickly and this is safe and fast, you that have loose hope, faith and everything you have all just in the name of getting a loan and nothing work out, bet me if you try this man called Benjamin , you will never regret anything and your loan request will be approve and it will be paid directly into your bank account, so hurry now and contact quick response on WhatsApp +1-989-394-3740. ask for any type of Loan, and it will be granted to you. I wish you the best  

    ReplyDelete
  5. Thanks a lot , this helped me a lot.. Thanks Again ,

    ReplyDelete
  6. Hello Mukesh want to create a role in which i can remove all the setup related form from all the Modules in D365FO ?

    ReplyDelete