Walkthrough: Creating a Code Permission under AOT Security
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
You can use the Application Object Tree (AOT) to create code permission nodes that are located under AOT > Security. A code permission enables a menu item to run code. When a menu item has its ObjectType property set to Class, the menu item is intended to run a method on a class.
A code permission is also necessary in some scenarios to run a service operation.
Prerequisites
To understand this walkthrough topic, you first need to understand the following areas:
- To implement and test security for this topic, you must act as a user in the roles of a developer, a system administrator, and an application user. For more information, see How to: Test the Role-based Security Configurations under AOT Security.
Create a Project and a Test Class
Your project gathers the application objects you are currently working on. Your test class contains the methods that you can use to test code permissions.
Create a private project named CodePermissionsProject.
For information about how to create a project, see How to: Create a MorphX Development Project.
Create a class named TestClass in the CodePermissionsProject project.
To create a new class, use CodePermissionsProject > New > Class. Rename the new class to TestClass.
Create a method named main in the TestClass class.
To create a new method, use TestClass > New > Method.
Enter the following code into the code editor for the main method.
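static void main(Args _args)
{
    AccountingDistribution ad;

    // Reading the table is permission-checked once AOSAuthorization is set on it.
    select * from ad;
    info(strFmt("The record type is %1.", ad.Type));

    // postGL is a server entry point, so the caller must be granted access to it.
    TestClass::postGL();
    info('Completed the code permissions test.');
}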
Create another method named postGL in the TestClass class.
Enter the following code into the code editor for the postGL method.
[SysEntryPointAttribute]
server static void postGL()
{
    info('The postGL method is called.');
}
The SysEntryPointAttribute attribute class is used by the system to identify methods that execute on the server tier. The system authenticates the application user who invokes these methods.
Create a Code Permission
You can create a code permission by following these steps:
Create a code permission that is named TestCodePermission. Create the permission in the CodePermissionsProject project.
Create a code permission by right-clicking the CodePermissionsProject and navigating to New > Security > Code Permission. Rename the new code permission to TestCodePermission.
Add the AccountingDistribution table to the CodePermissionsProject project by dragging the table node from AOT > Data Dictionary > Tables onto the project node.
In the Properties window for the AccountingDistribution table, set the AOSAuthorization property to CreateReadUpdateDelete. Setting the AOSAuthorization table property to CreateReadUpdateDelete specifies that create, read, update, and delete data access operations must undergo user permission checking.
Add the AccountingDistribution table to the Tables node of the TestCodePermission code permission.
In the Properties window for the AccountingDistribution table, set the EffectiveAccess property to Read.
Add the TestClass::postGL method to the Server Methods node of the TestCodePermission code permission.
In the Properties window for the TestClass::postGL server method, set the following properties:
| Property | Value |
| --- | --- |
| Class | TestClass |
| Method | postGL |
| EffectiveAccess | Invoke |
Create a Menu Item Linked to a Code Permission
You can create a menu item by following these steps:
Create the menu item TestMenuItem in the CodePermissionsProject project.
Create a menu item by right-clicking the CodePermissionsProject and navigating to New > Menu Item > Action. Rename the new menu item to TestMenuItem.
In the Properties window for the TestMenuItem menu item, set the properties to the values that are shown in the following table.
| Property | Value |
| --- | --- |
| Label | Code Permissions Test |
| ObjectType | Class |
| Object | TestClass |
| LinkedPermissionType | CodePermission |
| LinkedPermissionObject | TestCodePermission |
Add the menu item that you created to one of the existing menus. For example, you can add the menu item to AOT > Menus > Home > Common by following these steps:
Drag the AOT > Menus > Home node onto the project node.
Drag TestMenuItem onto the Home > Common node in the project.
Create a Privilege for the Test Role
Create the TestRole role for an application user.
You can create a privilege for the test role by following these steps:
Create a privilege TestPrivilege in the CodePermissionsProject project.
Create a privilege by right-clicking the CodePermissionsProject and navigating to New > Security > Privilege. Rename the new privilege to TestPrivilege.
Create an entry point that will be associated with the TestMenuItem menu item by right-clicking the CodePermissionsProject project and navigating to TestPrivilege > Entry Points > New Entry Point. Rename the new entry point to TestEntryPoint.
In the Properties window for the TestEntryPoint entry point, set the properties to the values that are shown in the following table.
| Property | Value |
| --- | --- |
| ObjectType | MenuItemAction |
| ObjectName | TestMenuItem |
| AccessLevel | Delete |
Add the TestPrivilege privilege to the TestRole role.
Drag the TestPrivilege node onto the TestRole > Privileges node.
Review the Project
You have created all the items necessary for this walkthrough as shown in the following image.
[Image: The project that you create]
Use Your Code Permissions
As an application user, you can now verify that you can access your menu item and a server method. Follow these steps:
Correct Application Output
Manually assign an application user to the TestRole by using the System administration form.
For information about how to assign a user to a role, see Assign users to security roles.
Log on to the system as an application user and run the AX32.exe client application from the Command Prompt window.
The Workspace window of an application user will contain the menu item Code Permissions Test as shown in the following image.
[Image: The application user menu]
When you click Code Permissions Test you will see the code output to the Infolog as shown in the following image.
[Image: The correct application output]
Close the client application that you have started from the Command Prompt window.
Application Output Without the Code Permission for the Table
Alter the code permission for the AccountingDistribution table by changing the table EffectiveAccess property value to NoAccess.
Restart the client application from the Command Prompt window.
When you click Code Permissions Test you will see the code output to the Infolog as shown in the following image.
[Image: The application output without the code permission for the table]
From the Infolog error messages you can see that the application user is no longer authorized to access the AccountingDistribution table.
Close the client application that you have started from the Command Prompt window.
In the Properties window for the AccountingDistribution table, set the EffectiveAccess property back to Read.
Application Output Without the Code Permission for the Method
Remove the postGL method from the TestCodePermission code permission, or set the EffectiveAccess of the code permission to NoAccess.
Restart the client application from the Command Prompt window.
When you click Code Permissions Test you will see the code output to the Infolog as shown in the following image.
[Image: The application output without the code permission for the method]
From the Infolog error message you can see that the application user is no longer authorized to access the postGL method.
Close the client application that you have started from the Command Prompt window.
In the Properties window for the postGL method, set the EffectiveAccess property back to Invoke.
Removing the Privilege from the Role
The application user menu will no longer contain the menu item Code Permissions Test if you remove the TestPrivilege privilege from the TestRole role, or if you set the Enable property of the privilege to No.
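The four outcomes tested above, as an added Python model that is not part of the original walkthrough and is neither X++ nor the AOS's own authorization logic: the menu item appears only when an enabled privilege in the user's role has an entry point for it, and the code behind it succeeds only where the linked code permission grants the table and the server method. The class and function names, the ordering of access levels, and the assumption that the user holds no role other than TestRole are this example's own.

```python
# Simplified model of the grant chain built in this walkthrough.
# Constructed for illustration: not X++ and not the AOS authorization code.
from dataclasses import dataclass, field

# Assumption of this model: table access levels are ordered, lowest first.
LEVELS = ["NoAccess", "Read", "Update", "Create", "Correct", "Delete"]

@dataclass
class CodePermission:
    name: str
    tables: dict = field(default_factory=dict)          # table -> EffectiveAccess
    server_methods: dict = field(default_factory=dict)  # "Class::method" -> EffectiveAccess

@dataclass
class Privilege:
    name: str
    entry_points: dict   # menu item name -> AccessLevel
    enabled: bool = True

@dataclass
class MenuItem:
    name: str
    linked_permission: CodePermission
    reads_tables: tuple   # tables with AOSAuthorization set that the class selects from
    calls_methods: tuple  # SysEntryPointAttribute methods the class calls

def run_menu_item(role_privileges, item):
    """Return (visible, denied) for a user whose role holds role_privileges."""
    visible = any(p.enabled and item.name in p.entry_points for p in role_privileges)
    if not visible:
        return False, []  # the menu item never appears, so nothing runs
    perm = item.linked_permission
    denied = [f"table:{t}" for t in item.reads_tables
              if LEVELS.index(perm.tables.get(t, "NoAccess")) < LEVELS.index("Read")]
    denied += [f"method:{m}" for m in item.calls_methods
               if perm.server_methods.get(m, "NoAccess") != "Invoke"]
    return True, denied

def walkthrough(table_access="Read", method_access="Invoke", in_role=True, enabled=True):
    """Rebuild the walkthrough objects with one setting changed per scenario."""
    methods = {"TestClass::postGL": method_access} if method_access else {}
    perm = CodePermission("TestCodePermission", {"AccountingDistribution": table_access}, methods)
    item = MenuItem("TestMenuItem", perm, ("AccountingDistribution",), ("TestClass::postGL",))
    priv = Privilege("TestPrivilege", {"TestMenuItem": "Delete"}, enabled)
    return run_menu_item([priv] if in_role else [], item)
```

Calling walkthrough() with one argument changed reproduces each test case; passing method_access=None models removing postGL from the code permission.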
See also
Security Node Entities in the AOT
Security Code Permission Properties