Axaptapedia is now maintained by AgileCadence For more information please click here.

Security

From Axaptapedia
Jump to: navigation, search

Some info about security system in Ax

Record Level Security -- allows to provide users access to only records they need

how to copy user groups[edit]

Task: copy groups with names DGP_xxxx to groups with names DMS_xxxx and restrict access of new groups to some menu items

<xpp> static void SYS_CopyUserGroup(Args _args) {

   UserGroupInfo userGroup;
   UserGroup groupID;
   str domain = 'cnt';
   int i;
   // source groups
   container groups=[
       'DGP_Office', 'DGP_OffAg',
       'DGP_Expert', 'DGP_Main',
       'DGP_Inspec', 'DGP_Agent',
       'DGP_View', 'DGP_Anal'
   ];
   // menu items, to restrict access
   container menuItems = [
       [menuItemDisplayStr(ASP_AgentDemoList), AccessRecordType::MenuItemDisplay],
       [menuItemDisplayStr(ASP_Agent), AccessRecordType::MenuItemDisplay],
       [menuItemDisplayStr(ASP_CreateOnBasis), AccessRecordType::MenuItemDisplay]
   ];
   
   void disableMenuItems(SecurityKeySet _securitySet)
   {
       str name;
       AccessRecordType recordType;
       int idx;
       AccessType accessType;
       for (idx = 1; idx <= conLen(menuItems); idx++)
       {
           [name, recordType] = conpeek(menuItems, idx);
           accessType = _securitySet.menuItemAccess(name, recordType);
           if (accessType!= AccessType::NoAccess)
           {
               info(strFmt('%1:%2, %3', name, recordType, accessType));
               _securitySet.menuItemAccess(name, recordType, AccessType::NoAccess);
           }
       }
   }
   void processGroup(UserGroupInfo _group)
   {
       UserGroupInfo localGroup;
       SecurityKeySet securitySet = SysSecurity::constructSecurityKeySet();
   ;
       setPrefix(_group.caption());
       // make a new ID
       localGroup.Id = strReplace(_group.Id, 'DGP_', 'DMS_');
       info(localGroup.Id);
       // make a new name
       localGroup.name = _group.name + ' (some suffix)';
       localGroup.insert();        
       securitySet.loadGroupRights(_group.Id, domain);
       disableMenuItems(securitySet);
       xAccessRightsList::saveSecurityRights(securitySet.pack(), localGroup.Id, domain);
   }
   setPrefix("Copy groups");
   for (i=1; i<=conLen(groups); i++)
   {
       groupID = conPeek(groups, i);
       select userGroup where userGroup.Id == groupID;
       if (userGroup)
           processGroup(userGroup);
       else
           warning('!found');
   }
   info('ok');

} </xpp>