Translate

Sunday, May 10, 2015

List of duties and privileges under a Role

Hi,

Use the below job to get list of duties and privileges under one or more roles.

static void getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
    str                             fileName = @"C:\Users\[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv";

    CommaTextIo                     commaTextIo;
    FileIOPermission                permission;

    SecurityTaskEntryPoint  taskEntryPoint;
    SecurityRole            role;
    SecurityRoleTaskGrant   taskGrant;
    SecuritySubTask         subTask;
    SecurityTask            privilege;
    SecurityTask            securityTask;
    SecurableObject         securableObject;
    DictEnum                dictEnum;
    str privAOTName;
    str dutyAOTName;
    str privName;
    str dutyName;
    str entrName;
    str accessLevel;
    str menuItemType;

    FromTime                    startTime = timeNow();

    #File
    ;

    permission = new FileIOPermission(fileName,#io_write);
    permission.assert();
    commaTextIo = new CommaTextIo(fileName,#io_write);

    //Header
    commaTextIo.write(
        "Role AOT name",
        "Description",
        "Duty AOT name",
        "Description",
        "Privilidge AOT name",
        "Description",
        "Entry point",
        "Type",
        "Access level");

    while select taskEntryPoint
    join subTask
        where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
    join taskGrant
        where taskGrant.SecurityTask == subTask.SecurityTask
    join role
        where role.RecId == taskGrant.SecurityRole
        //&&  role.AotName like 'Sales*'
        //|| role.AotName like 'System*'
    {
        menuItemType    = "";
        dutyAOTName     = "";
        dutyName        = "";
        privAOTName     = "";
        privName        = "";
         if (subTask.RecId)
        {
            switch (taskEntryPoint.PermissionGroup)
            {
                case AccessRight::View:
                    accessLevel = "Read";
                    break;
                case AccessRight::Edit:
                    accessLevel = "Update";
                    break;
                case AccessRight::Add:
                    accessLevel = "Create";
                    break;
                case AccessRight::Delete:
                    accessLevel = "Delete";
                    break;
                default:
                    accessLevel = "";
                    break;
            }
        }

        select privilege
            where privilege.RecId == taskGrant.SecurityTask
            && SecurityTaskType::Duty == privilege.Type;

        dutyAOTName = privilege.AotName;
        dutyName = privilege.Name;

        select privilege
            where privilege.RecId == subTask.SecuritySubTask
            && SecurityTaskType::Privilege == privilege.Type;

        privAOTName = privilege.AotName;
        privName = privilege.Name;

        select RecId, Type, Name from securableObject
        where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
            || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

        dictEnum = new DictEnum(enumNum(MenuItemType));
        menuItemType = dictEnum.index2Name(securableObject.Type);

        commaTextIo.write(role.AotName,
                            role.Name,
                            dutyAOTName,
                            dutyName,
                            privAOTName,
                            privName,
                            securableObject.Name,
                            menuItemType,
                            accessLevel);
        }
    //sometimes a role has a privielge direclty assigned instead of a duty. So this code is for those privileges.
    //In this case duty will not exist.
    while select SecurityTask, SecurityRole from taskGrant
        join RecId, Type, AOTName from securitytask where securityTask.RecId == taskGrant.SecurityTask
                && taskGrant.SecurityRole == taskGrant.SecurityRole && securitytask.Type == SecurityTaskType::Privilege
        join securityTask, EntryPoint from taskEntryPoint where taskEntryPoint.SecurityTask == securitytask.RecId

        {
            menuItemType    = "";
            dutyAOTName     = "";
            dutyName        = "";
            privAOTName     = "";
            privName        = "";

            select RecId, Type, Name from securableObject
                where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
                    || securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

            if(securableObject)
            {
                select privilege
                    where privilege.RecId == securityTask.RecId
                    && SecurityTaskType::Privilege == privilege.Type;

                privAOTName = privilege.AotName;
                privName = privilege.Name;

                dictEnum = new DictEnum(enumNum(MenuItemType));
                menuItemType = dictEnum.index2Name(securableObject.Type);

                commaTextIo.write(role.AotName,
                        role.Name,
                        dutyAOTName,
                        dutyName,
                        privAOTName,
                        privName,
                        securableObject.Name,
                        menuItemType,
                        accessLevel);
            }
    }
    CodeAccessPermission::revertAssert();
    info(strFmt("Total time: %1", timeConsumed(startTime, timeNow())));
}


3 comments:

  1. Wonderful post! Youve made some very astute observations and I am thankful for the the effort you have put into your writing. Its clear that you know what you are talking about. I am looking forward to reading more of your sites content.
    Microsoft Dynamics AX Training | VMware Virtualization Online Training

    ReplyDelete
  2. Thanks for the great post. Needed it badly. I want to learn more about Dynamics AX, could you provide some source.

    ReplyDelete
  3. Informative blog and it was up to the point describing the information very effectively. Thanks to blog author for wonderful and informative post...
    Microsoft Dynamics AX Online Training

    ReplyDelete