Non-admin users can't execute AIF "Process Message Queue" job

I am by no means a developer (EDI Specialist by trade) but I am looking for some advice on a piece of code.

For our imported order files, I find that only users in the AX Admin group can actually run the AIF “Process Message Queue” job in AX without getting an “unauthorized” message.

I found the following code in the AIFGATEWAYQUEUE VALIDATEUSER method and believe that this may be the reason?

    public boolean validateUser()
    {
        #Admin
        boolean ret;
        userId  currentUserId;
        sid     currentUserSid;

        currentUserId = curuserid();

        // Gateway records can be inserted or modified only:
        // - by members of Admin
        // - the submitting user
        if (AifUtil::isGroupMember(currentUserId, #AdminUserGroup))
        {
            ret = true;
        }
        else
        {
            currentUserSid = AifUtil::getAxUserSid(currentUserId);
            ret = (currentUserSid == AifUtil::getWindowsUserSid(this.SubmittingUserId));
            if (ret && (this.orig().RecId != 0))
                ret = (currentUserSid == AifUtil::getWindowsUserSid(this.orig().SubmittingUserId));
        }

        return ret;
    }

I should mention that the “submitting user” is applied to incoming files automatically as a user that is NOT the actual AX user that runs the “Process Message Queue” job to import the orders. So, it would appear to me that the only valid option in the code is if the user that runs it is actually part of the Admin group.

Why would individual users run the AIF batch jobs? They’re usually set once by an administrator (with a schedule) and users don’t worry about them at all.

By the way, let me change the title “Need some advice on this code” to something that describes your actual question.

The short answer is that we are a finishing company where product is dropped off for finishing & files are transmitted to us at all hours of the day and we have a very short window in receiving once product is dropped off to start our finishing process, so instead of having that batch job run automatically say every 15 minutes, our receiving department needs the option to run the job as needed.

So, I guess the question is, if I simply wanted AX security group “receiving” to be able to run the process instead of the “Admin” group that seems to be indicated in that code, what in that code needs to be changed?

What is your AX version? I see different code in the validateUser method in AX 2012 (there it checks for access rights on the AifGatewayQueue table).

It is 2009

You can try porting the code from AX 2012 to AX 2009 (for that method). You don’t need all the code, only the code that checks whether you have the access right for that table.

    securityRights = SecurityRights::construct();
    accessRight = securityRights.tableAccessRight(tableStr(AifGatewayQueue));
    if (accessRight >= expectedAccessRight)
    {
        ret = true;
    }

(or) have a developer build code that runs these jobs as Admin using the runAs function.
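
Added example, not part of the thread and not the product's own code: one way to make the change asked about above in the AX 2009 method is to accept a dedicated user group alongside Admin, so receiving staff do not have to be placed in Admin itself. The group id 'Receiving' and the macro name QueueOperatorGroup are assumptions, and the thread does not confirm that validateUser is the only check behind the "unauthorized" message.

```xpp
// Customized copy of AifGatewayQueue.validateUser() (AX 2009 code from the question).
public boolean validateUser()
{
    #Admin
    // Assumption: 'Receiving' is a placeholder for the id of the dedicated user group.
    #define.QueueOperatorGroup('Receiving')
    boolean ret;
    userId  currentUserId;
    sid     currentUserSid;

    currentUserId = curuserid();

    // Gateway records can be inserted or modified only by:
    // - members of Admin
    // - members of the dedicated operator group (the added check)
    // - the submitting user
    if (AifUtil::isGroupMember(currentUserId, #AdminUserGroup)
        || AifUtil::isGroupMember(currentUserId, #QueueOperatorGroup))
    {
        ret = true;
    }
    else
    {
        // Unchanged: everyone else must still be the submitting user,
        // both on the current record and on the original one when updating.
        currentUserSid = AifUtil::getAxUserSid(currentUserId);
        ret = (currentUserSid == AifUtil::getWindowsUserSid(this.SubmittingUserId));
        if (ret && (this.orig().RecId != 0))
            ret = (currentUserSid == AifUtil::getWindowsUserSid(this.orig().SubmittingUserId));
    }

    return ret;
}
```

Membership of the named group then becomes the control point for who may touch gateway queue records, so it should be limited to the users who need to trigger the job.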