Hi,
Use the below job to get list of duties and privileges under one or more roles.
static void
getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
str fileName = @"C:\Users\[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv";
CommaTextIo
commaTextIo;
FileIOPermission
permission;
SecurityTaskEntryPoint
taskEntryPoint;
SecurityRole role;
SecurityRoleTaskGrant taskGrant;
SecuritySubTask subTask;
SecurityTask privilege;
SecurityTask
securityTask;
SecurableObject
securableObject;
DictEnum dictEnum;
str privAOTName;
str dutyAOTName;
str privName;
str dutyName;
str entrName;
str accessLevel;
str menuItemType;
FromTime
startTime = timeNow();
#File
;
permission = new
FileIOPermission(fileName,#io_write);
permission.assert();
commaTextIo = new
CommaTextIo(fileName,#io_write);
//Header
commaTextIo.write(
"Role AOT name",
"Description",
"Duty AOT name",
"Description",
"Privilidge AOT name",
"Description",
"Entry point",
"Type",
"Access level");
while select
taskEntryPoint
join subTask
where subTask.SecuritySubTask ==
taskEntryPoint.SecurityTask
join taskGrant
where taskGrant.SecurityTask ==
subTask.SecurityTask
join role
where role.RecId == taskGrant.SecurityRole
//&&
role.AotName like 'Sales*'
//|| role.AotName like 'System*'
{
menuItemType = "";
dutyAOTName = "";
dutyName = "";
privAOTName = "";
privName = "";
if (subTask.RecId)
{
switch (taskEntryPoint.PermissionGroup)
{
case AccessRight::View:
accessLevel = "Read";
break;
case AccessRight::Edit:
accessLevel = "Update";
break;
case AccessRight::Add:
accessLevel = "Create";
break;
case AccessRight::Delete:
accessLevel = "Delete";
break;
default:
accessLevel = "";
break;
}
}
select privilege
where privilege.RecId ==
taskGrant.SecurityTask
&& SecurityTaskType::Duty == privilege.Type;
dutyAOTName = privilege.AotName;
dutyName = privilege.Name;
select privilege
where privilege.RecId ==
subTask.SecuritySubTask
&& SecurityTaskType::Privilege == privilege.Type;
privAOTName = privilege.AotName;
privName = privilege.Name;
select RecId, Type, Name from securableObject
where securableObject.RecId ==
taskEntryPoint.EntryPoint && (securableObject.Type ==
SecurableType::MenuItemDisplay
|| securableObject.Type == SecurableType::MenuItemAction ||
securableObject.Type == SecurableType::MenuItemOutput);
dictEnum = new DictEnum(enumNum(MenuItemType));
menuItemType = dictEnum.index2Name(securableObject.Type);
commaTextIo.write(role.AotName,
role.Name,
dutyAOTName,
dutyName,
privAOTName,
privName,
securableObject.Name,
menuItemType,
accessLevel);
}
//sometimes a role has a privielge direclty assigned
instead of a duty. So this code is for those privileges.
//In this case duty will not exist.
while select
SecurityTask, SecurityRole from
taskGrant
join RecId, Type, AOTName from securitytask where
securityTask.RecId == taskGrant.SecurityTask
&& taskGrant.SecurityRole == taskGrant.SecurityRole &&
securitytask.Type == SecurityTaskType::Privilege
join securityTask, EntryPoint from taskEntryPoint where taskEntryPoint.SecurityTask ==
securitytask.RecId
{
menuItemType = "";
dutyAOTName = "";
dutyName = "";
privAOTName = "";
privName = "";
select RecId, Type, Name from securableObject
where securableObject.RecId
== taskEntryPoint.EntryPoint && (securableObject.Type ==
SecurableType::MenuItemDisplay
|| securableObject.Type == SecurableType::MenuItemAction ||
securableObject.Type == SecurableType::MenuItemOutput);
if(securableObject)
{
select privilege
where privilege.RecId ==
securityTask.RecId
&& SecurityTaskType::Privilege == privilege.Type;
privAOTName = privilege.AotName;
privName = privilege.Name;
dictEnum = new DictEnum(enumNum(MenuItemType));
menuItemType = dictEnum.index2Name(securableObject.Type);
commaTextIo.write(role.AotName,
role.Name,
dutyAOTName,
dutyName,
privAOTName,
privName,
securableObject.Name,
menuItemType,
accessLevel);
}
}
CodeAccessPermission::revertAssert();
info(strFmt("Total
time: %1", timeConsumed(startTime, timeNow())));
}
Wonderful post! Youve made some very astute observations and I am thankful for the the effort you have put into your writing. Its clear that you know what you are talking about. I am looking forward to reading more of your sites content.
ReplyDeleteMicrosoft Dynamics AX Training | VMware Virtualization Online Training
Thanks for the great post. Needed it badly. I want to learn more about Dynamics AX, could you provide some source.
ReplyDeleteInformative blog and it was up to the point describing the information very effectively. Thanks to blog author for wonderful and informative post...
ReplyDeleteMicrosoft Dynamics AX Online Training
I am so happy today because God has done it for me after going through hard times with other loan lenders and nothing works out, I was about loosing my faith and hope but I still have to stand strong and pursue what am looking for. I am happy today because God has directed me to the best Loan Company and I didn't regret anything after contacting them and my heart desire was granted and I was given the said amount I requested for (300,000.00 USD), the money was paid into my account after two weeks of talking with the company and they didn't stress me or give me any headache in getting this loan from them, others of my family members and friends I directed to them all got their loan too, I would love you to contact 247officedept@gmail.com / whatsapp +1-989-394-3740. . and get your loan quickly and this is safe and fast, you that have loose hope, faith and everything you have all just in the name of getting a loan and nothing work out, bet me if you try this man called Benjamin , you will never regret anything and your loan request will be approve and it will be paid directly into your bank account, so hurry now and contact quick response on WhatsApp +1-989-394-3740. ask for any type of Loan, and it will be granted to you. I wish you the best
ReplyDeleteThanks a lot , this helped me a lot.. Thanks Again ,
ReplyDeleteHello Mukesh want to create a role in which i can remove all the setup related form from all the Modules in D365FO ?
ReplyDelete