Security

Some info about security system in Ax

Record Level Security -- allows to provide users access to only records they need

how to copy user groups
Task: copy groups with names DGP_xxxx to groups with names DMS_xxxx and restrict access of new groups to some menu items

static void SYS_CopyUserGroup(Args _args) {   UserGroupInfo userGroup; UserGroup groupID; str domain = 'cnt'; int i;   // source groups container groups=[ 'DGP_Office', 'DGP_OffAg', 'DGP_Expert', 'DGP_Main', 'DGP_Inspec', 'DGP_Agent', 'DGP_View', 'DGP_Anal' ];   // menu items, to restrict access container menuItems = [ [menuItemDisplayStr(ASP_AgentDemoList), AccessRecordType::MenuItemDisplay], [menuItemDisplayStr(ASP_Agent), AccessRecordType::MenuItemDisplay], [menuItemDisplayStr(ASP_CreateOnBasis), AccessRecordType::MenuItemDisplay] ];   void disableMenuItems(SecurityKeySet _securitySet) {       str name; AccessRecordType recordType; int idx; AccessType accessType; for (idx = 1; idx <= conLen(menuItems); idx++) {           [name, recordType] = conpeek(menuItems, idx); accessType = _securitySet.menuItemAccess(name, recordType); if (accessType!= AccessType::NoAccess) {               info(strFmt('%1:%2, %3', name, recordType, accessType)); _securitySet.menuItemAccess(name, recordType, AccessType::NoAccess); }       }    }

void processGroup(UserGroupInfo _group) {       UserGroupInfo localGroup; SecurityKeySet securitySet = SysSecurity::constructSecurityKeySet; ;       setPrefix(_group.caption); // make a new ID       localGroup.Id = strReplace(_group.Id, 'DGP_', 'DMS_'); info(localGroup.Id); // make a new name localGroup.name = _group.name + ' (some suffix)'; localGroup.insert; securitySet.loadGroupRights(_group.Id, domain); disableMenuItems(securitySet); xAccessRightsList::saveSecurityRights(securitySet.pack, localGroup.Id, domain); }   setPrefix("Copy groups"); for (i=1; i<=conLen(groups); i++) {       groupID = conPeek(groups, i); select userGroup where userGroup.Id == groupID; if (userGroup) processGroup(userGroup); else warning('!found'); }   info('ok'); }