AX2012 Excel Add-in in combination with security

Add tables: Only with the system administrator role

Add data:
* Access to the tables that are used in the query
* Permissions to the services

Add Tables
5
6

Add Data
7
9

Advertisements

AX2012 Access denied to field X in table X – Grant access to specific organizations individually

Access denied to field IBAN (BankIBAN) in table Vendor bank accounts. (Or any other field where the property AOSAuthorization is set to yes)

2017-01-12_18-24-47

Prerequisites

The solution provided is only applicable if you set up the “grant access to specific organizations individually”. The error does not occur when you choose “grant access to all organizations”.

Another prerequisite is that you use virtual companies and table collections.

2017-01-12_18-33-54

Solution

  1. When you close the form SysSecRoleAssignOM AX will save the details to which organization you gave that user/role combination access. This data will be stored in the table SecurityUserRoleCondition.
  2. The virtual companies are not included in table SecurityUserRoleCondition. You need to check when you close the screen if one of the organizations is included in a virtual company. If this is the case you can add the virtual company to.
  3. The two highlighted lines are added because they are the virtual companies.

1

Security Testing – Debugging when using restricted roles

Step 1:
Add the roles that you would like to test to your own user.
You also need to give yourself the role System administrator.
Step 2:
Open the development workspace.
Step 3:
Create a job and add following code.

static void nonAdminMode(Args _args)
{
    SecurityUtil::sysAdminMode(false);
}

Step 4:
Ctrl + W will open the workspace where you can simulate the issue.
At this moment you have reduced rights but you still have the possibility to debug.
Step 5:
When done testing & debugging close the session and run following job.

static void adminMode(Args _args)
{
    SecurityUtil::sysAdminMode(true);
}