need x++ code for printing user duties and privileages

Finance and Operations/AX Developer Forum
1

need x++ code for printing user duties and privileages

2

Could you elaborate your problem a little bit, please?

3

Hi Kishore,
Use this code…

static void getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
str fileName = @“C:\Users[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv”;

CommaTextIo commaTextIo;
FileIOPermission permission;

SecurityTaskEntryPoint taskEntryPoint;
SecurityRole role;
SecurityRoleTaskGrant taskGrant;
SecuritySubTask subTask;
SecurityTask privilege;
SecurityTask securityTask;
SecurableObject securableObject;
DictEnum dictEnum;
str privAOTName;
str dutyAOTName;
str privName;
str dutyName;
str entrName;
str accessLevel;
str menuItemType;

FromTime startTime = timeNow();

#File
;

permission = new FileIOPermission(fileName,#io_write);
permission.assert();
commaTextIo = new CommaTextIo(fileName,#io_write);

//Header
commaTextIo.write(
“Role AOT name”,
“Description”,
“Duty AOT name”,
“Description”,
“Privilidge AOT name”,
“Description”,
“Entry point”,
“Type”,
“Access level”);

while selecttaskEntryPoint
join subTask
where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
join taskGrant
where taskGrant.SecurityTask == subTask.SecurityTask
join role
where role.RecId == taskGrant.SecurityRole
//&& role.AotName like ‘Sales*’
//|| role.AotName like ‘System*’
{
menuItemType = “”;
dutyAOTName = “”;
dutyName = “”;
privAOTName = “”;
privName = “”;
if (subTask.RecId)
{
switch (taskEntryPoint.PermissionGroup)
{
case AccessRight::View:
accessLevel = “Read”;
break;
case AccessRight::Edit:
accessLevel = “Update”;
break;
case AccessRight::Add:
accessLevel = “Create”;
break;
case AccessRight::Delete:
accessLevel = “Delete”;
break;
default:
accessLevel = “”;
break;
}
}

select privilege
where privilege.RecId == taskGrant.SecurityTask
&& SecurityTaskType::Duty == privilege.Type;

dutyAOTName = privilege.AotName;
dutyName = privilege.Name;

select privilege
where privilege.RecId == subTask.SecuritySubTask
&& SecurityTaskType::Privilege == privilege.Type;

privAOTName = privilege.AotName;
privName = privilege.Name;

select RecId, Type, Name from securableObject
where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
|| securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

dictEnum = new DictEnum(enumNum(MenuItemType));
menuItemType = dictEnum.index2Name(securableObject.Type);

commaTextIo.write(role.AotName,
role.Name,
dutyAOTName,
dutyName,
privAOTName,
privName,
securableObject.Name,
menuItemType,
accessLevel);
}
//sometimes a role has a privielge direclty assigned instead of a duty. So this code is for those privileges.
//In this case duty will not exist.
while select SecurityTask, SecurityRole from taskGrant
join RecId, Type, AOTName from securitytask where securityTask.RecId == taskGrant.SecurityTask
&& taskGrant.SecurityRole == taskGrant.SecurityRole && securitytask.Type == SecurityTaskType::Privilege
join securityTask, EntryPoint from taskEntryPoint where taskEntryPoint.SecurityTask == securitytask.RecId

{
menuItemType = “”;
dutyAOTName = “”;
dutyName = “”;
privAOTName = “”;
privName = “”;

select RecId, Type, Name from securableObject
where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
|| securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

if(securableObject)
{
select privilege
where privilege.RecId == securityTask.RecId
&& SecurityTaskType::Privilege == privilege.Type;

privAOTName = privilege.AotName;
privName = privilege.Name;

dictEnum = new DictEnum(enumNum(MenuItemType));
menuItemType = dictEnum.index2Name(securableObject.Type);

commaTextIo.write(role.AotName,
role.Name,
dutyAOTName,
dutyName,
privAOTName,
privName,
securableObject.Name,
menuItemType,
accessLevel);
}
}
CodeAccessPermission::revertAssert();
info(strFmt(“Total time: %1”, timeConsumed(startTime, timeNow())));
}

4

Thanks arvind the code has been executed.

5

If it answered your question, please mark the reply as the verified answer (“This helped me”).

If it didn’t, please explain your problem.

6

hey Hi Aravind.

Thanks for your code but it saving all the privileges present in ax.

I need the privileges of particular Duty which is assigned to the present users

7

but it saving all the privileges present in ax.

I need the privileges of particular Duty which is assigned to the present users

8

That’s exactly why I asked you to elaborate your problem. If you don’t explain what you need, you can’t expect to get it.

This is how you can get user’s roles:

SecurityUserRole userRole;

while select userRole
where userRole.User == curUserId()
   && userRole.AssignmentStatus == RoleAssignmentStatus::Enabled

Then use roles to filter what you get.

By the way, look at the original blog post rather then at ArvindhVR’s reply, because the code is much more readable there.

9

A ton Of Thanks Martin :slight_smile:

10

static void Export_Duties_Privileage(Args _args)
{
str fileName = @“D:\Security\Duties_Privileage.csv”;

CommaIo commaIo;
FileIOPermission permission;

SecurityTaskEntryPoint taskEntryPoint;
SecurityRole role;
SecurityRoleTaskGrant taskGrant;
SecuritySubTask subTask;
SecurityTask privilege;
SecurityTask securityTask;
SecurableObject securableObject;
DictEnum dictEnum;
SecurityUserRole userRole;
str privAOTName;
str dutyAOTName;
str privName;
str dutyName;
str entrName;
str accessLevel;
str menuItemType;

#File
;

permission = new FileIOPermission(fileName,#io_write);
permission.assert();
commaIo = new CommaIo(fileName,#io_write);

//Header
commaIo.write(“Duty AOT name”,“Priviliege AOT name”);

while select taskEntryPoint
join subTask
where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
join taskGrant
where taskGrant.SecurityTask == subTask.SecurityTask
join role
where role.RecId == taskGrant.SecurityRole
{

while select privilege
where privilege.RecId == taskGrant.SecurityTask
&& SecurityTaskType::Duty == privilege.Type

dutyAOTName = privilege.AotName;
dutyName = privilege.Name;

while select privilege
where privilege.RecId == subTask.SecuritySubTask
&& SecurityTaskType::Privilege == privilege.Type

while select userRole
where userRole.User == curUserId()
&& userRole.AssignmentStatus == RoleAssignmentStatus::Enabled

privAOTName = privilege.AotName;
privName = privilege.Name;

select RecId, Type, Name from securableObject
where securableObject.RecId == taskEntryPoint.EntryPoint && (securableObject.Type == SecurableType::MenuItemDisplay
|| securableObject.Type == SecurableType::MenuItemAction || securableObject.Type == SecurableType::MenuItemOutput);

dictEnum = new DictEnum(enumNum(MenuItemType));
menuItemType = dictEnum.index2Name(securableObject.Type);

commaIo.write(dutyAOTName,privAOTName);
print dutyAOTName,privAOTName;
}pause;
}

could you please rectify my code iam facing the same problem still

11

I don’t understand what you expect your code to do. I thought you would filter the main while select, so it doesn’t return all roles. You would have something like this there:

join role
    where role.RecId == taskGrant.SecurityRole

	exists join userRole
		where userRole.SecurityRole == role.RecId
		   && userRole.User == curUserId()
	       && userRole.AssignmentStatus == RoleAssignmentStatus::Enabled

By the way, please use Insert > Insert code to keep code indentation, otherwise it’s hard to read.