How to use Code Permission in AX 2012.

Today I will demonstrate you that How to use Code Permission in AX 2012.
Create a Project and a Test Class

  1. Create a private project named CodePermissionsProject.
  2. Create a class named TestClass in the CodePermissionsProject project.
To create a new class, use CodePermissionsProject > New > Class. Rename the new class to TestClass.
  1. Create a method named main in the TestClass class. To create a new method, use TestClass > New > Method. Enter the following code into the code editor for the main method.
static void main(Args _args)
{
    AccountingDistribution ad;

    select * from ad;
    info(strFmt("The record type is %1.", ad.Type));
    TestClass::postGL();
    info('Completed the code permissions test.');
}

  1. Create another method in the TestClass class. Enter the following code into the code editor for the postGL method.
  2.  [SysEntryPointAttribute]
server static void postGL()
{
    info('The postGL method is called.');
}

The SysEntryPointAttribute attribute class is used by the system to identify methods that execute on the server tier. The system authenticates the application user who invokes these methods.

Create a Code Permission
You can create a code permission by following these steps:
  1. Create a code permission that is named TestCodePermission. Create the permission in the CodePermissionsProject project.
Create a code permission by right-clicking the TestCodePermission and navigating to New > Security > Code Permission. Rename the new code permission to TestCodePermission.
  1. Add the AccountingDistribution table to the CodePermissionsProject project by dragging the table node from AOT > Data Dictionary > Tables onto the project node.
  2. In the Properties window for the AccountingDistribution table, set the AOSAuthorization property to CreateReadUpdateDelete. Setting the AOSAuthorization table property to CreateReadUpdateDelete specifies that create, read, update, and delete data access operations must undergo user permission checking.
  3. Add the AccountingDistribution table to the Tables node of the TestCodePermission project.
  4. In the Properties window for the AccountingDistribution table, set the EffectiveAccess property to Read.
  5. Add the TestClass::postGL method to the Server Methods node of the TestCodePermission project.
  6. In the Properties window for the TestClass::postGL server method, set the following properties:
Property
Value
Class
TestClass
Method
postGL
EffectiveAccess
Invoke

Create a Menu Item Linked to a Code Permission
You can create a menu item by following these steps:
  1. Create the menu item TestMenuItem in the CodePermissionsProject project.
Create a menu item by right-clicking the CodePermissionsProject and navigating to New > Menu Item > Action. Rename the new menu item to TestMenuItem.
  1. In the Properties window for the TestMenuItem menu item, set the properties to the values that are shown in the following table.
Property
Value
Label
Code Permissions Test
ObjectType
Class
Object
TestClass
LinkedPermissionType
CodePermission
LinkedPermissionObject
TestCodePermission
  1. Add the menu item that you created to one of the existing menus. For example, you can add the menu item to AOT > Menus > Home > Common by following these steps:
    1. Drag the AOT > Menus > Home node onto the project node.
    2. Drag TestMenuItem onto the Home > Common node in the project.
Create a Privilege for the Test Role
Create the TestRole role for an application user.
You can create a privilege for the test role by following these steps:
  1. Create a privilege TestPrivilege in the CodePermissionsProject project.
Create a privilege by right-clicking the CodePermissionsProject and navigating to New > Security > Privilege. Rename the new privilege to TestPrivilege.
  1. Create an entry point that will be associated with the TestMenuItem menu item by right-clicking the CodePermissionProject project and navigating to TestPrivilege > Entry Points > New Entry Point. Rename the new entry point to TestEntryPoint.
  2. In the Properties window for the TestEntryPoint entry point, set the properties to the values that are shown in the following table.
Property
Value
ObjectType
MenuItemAction
ObjectName
TestMenuItem
AccessLevel
Delete
  1. Add the TestPrivilege privilege to the TestRole role.
Drag the TestPrivilege node onto the TestRole > Privileges node.



Use Your Code Permissions
As an application user, you can now verify that you can access your menu item and a server method. Follow these steps:

Correct Application Output
  1. Manually assign an application user to the TestRole by using the System administration form. 
  2. Log on to the system as an application user and run the AX32.exe client application from the Command Prompt window.
  3. The Workspace window of an application user will contain the menu item Code Permissions Test. 
  4. When you click Code Permissions Test you will see the code output to the Infolog. 
  5. Close the client application that you have started from the Command Prompt window.
Application Output Without the Code Permission for the Table
  1. Alter the code permission for the AccountingDistribution table by changing the table EffectiveAccess property value to NoAccess.
  2. Restart the client application from the Command Prompt window.
  3. When you click Code Permissions Test you will see the code output to the Infolog. From the Infolog error messages you can see that the application user is no longer authorized access to the AccountingDistribution table.
  4. Close the client application that you have started from the Command Prompt window.
  5. In the Properties window for the AccountingDistribution table set the EffectiveAccess property back to Read.
Application Output Without the Code Permission for the Method
  1. Remove the postGL method from the TestCodePermission code permission or, set the EffectiveAccess of the code permission to NoAccess.
  2. Restart the client application from the Command Prompt window.
  3. When you click Code Permissions Test you will see the code output to the Infolog. From the Infolog error message you can see that the application user is no longer authorized access to the postGL method.
  4. Close the client application that you have started from the Command Prompt window.
  5. In the Properties window for the postGL method set the EffectiveAccess property back to Invoke.
Removing the Privilege from the Role

The application user menu will no longer contain the menu item Code Permissions Test if you remove the TestPrivilege privilege from the TestRole role, or if you set the Enable property of the privilege to No.


Comments

Post a Comment