Question Status

Verified
united5675 asked a question on 24 May 2013 5:45 PM

Hello,

I have created a form with a grid and delete record command button in actionpane. I have granted full control privileges to the users who wants to access this form, however when a systerm administrator user accesses the form, he can see the delete record command button enabled, when non system administrator user logins with full control, delete record button is disabled. I checked privileges and permissions, they are granted at form and table levels, yet still the user cannot see delete record button enabled.

Any good feedback will be highly appreciated.

Thanks,

Salman

Reply
Dick Wenning responded on 25 May 2013 2:16 AM

is a security thing. check first on the form, data source is allow delete set?

next look at the privileges on the form is delete allowed?

Kind regards, 

Kaya Solutions

Dick Wenning

+31 6 147 989 53 

Landjuweel 5

3905 PE - Veenendaal

 

OTHER CONTACT INFORMATION

Reply
André Arnaud de Calavon responded on 25 May 2013 11:31 AM

Hi Salman,

What access level is set on the entry point (menu-item) at the privilege? Is this privilege part of a duty and within the users role? Or maybe directly attached to the role?

If attached to duty and/or role, is there any object where the property 'Enabled' is set to 'No'?

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply
united5675 responded on 26 May 2013 12:17 PM

thanks for reply this is what i did.

My form is Saleshdr which contains new,delete functionality and grid. 2 buttons enables user likes to add or delete a item form the grid

I created privilege on entry point for this form with following information

Name: SaleshdrPvlg

ObjectType: MenuItemDisplay

ObjectName: Saleshdr

AcessLevel: Read

I am not sure i should set to Read but i tested it with all other accesslevel options such as Read,Update,Delete etc. no difference.

Then I created Duties and attached the above mentioned privilege as follows

Duties object name: SalesHdrDty

Name:SaleshdrPvlg

Enabled: yes

final step is I created role and attached the above duties to the role

Role Object Name: ProdPlan

Enabled: Yes

PastDataAcess: Update

CurrentDataAccess: Update

FutureDataAccess: Update

This is what I have done, if someone with expertise could write me the instruction how they would do would be very helpful.

Thanks,

salman

Reply
Verified Answer
André Arnaud de Calavon responded on 26 May 2013 12:52 PM

Hi Salman.

In this case you need to set the access level of  SaleshdrPvlg to 'Delete'.

Also set the Past, Current and Future DataAccess to 'Delete' on the role.

You mentioned that you tested the privilege with other access levels. Was that from within the system administrator role or this one?

Usually for a form you will create two privileges (or include the form in existing ones):

- PrivilegeEndingWithMaintain  = Delete access

- PrivilegeEndingWithView = Read access.

Also the Duties have this pattern. Within the roles you can then select the Maintain or View access.

Good luck!

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply
united5675 responded on 26 May 2013 2:41 PM

hello andre,

Thanks I am creating roles, duties and privileges as dynamics AX system administrator, i have another account as AX dynamics test user which roles are assigned appropriately.

I followed your instructions, I couldn't understand your instructions for creating two privileges.

You want me to create these two privileges - PrivilegeEndingWithMaintain  = Delete access,- PrivilegeEndingWithView = Read access at form level or add form under forms under roles and set these properties.  I tried both,  I can't find these two properties as you mentioned, where can i find these two properties - PrivilegeEndingWithMaintain  = Delete access - PrivilegeEndingWithView = Read access.. Can you please direct me.

Also Can you tell me what privileges i should set on tables, forms, privileges, duties and roles.

This is very critical so please help me out.

thanks,

salman

Reply
André Arnaud de Calavon responded on 26 May 2013 10:03 PM

Hi Salman,

When you follow the first two lines, it should work for you. Please try and confirm.

When this works we can help you understand the patterns on the security out of the box.

One example for this already: When you look at the duties OOTB, you will see both "Maintain customer model" and "Inquire into customer model". Both are based on privileges containing the same menu-items, but one is for full access, the other read only.

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply
united5675 responded on 31 May 2013 5:49 AM

Your suggestion was absolutely helpful thank you very much. However I have another issue now.

I created a Role/Privilege and label for role in a label editor. When i go to admin page to assign roles list form, i see the label id in role name column and label id in role description column instead of role name and role description. When i select the role item which is a label id there are no privileges attached to it. I don't know this is a bug or i am doing something wrong FYI I am working on Dynamics AX 2012 R1.  When I reset the label and description to text it works fine, but when i change the text to a label id e.g. @XYZ7, role does not appear and it doesn't work.

I would appreciate if you can help me out.

Regards,

salman

Reply
Verified Answer
André Arnaud de Calavon responded on 26 May 2013 12:52 PM

Hi Salman.

In this case you need to set the access level of  SaleshdrPvlg to 'Delete'.

Also set the Past, Current and Future DataAccess to 'Delete' on the role.

You mentioned that you tested the privilege with other access levels. Was that from within the system administrator role or this one?

Usually for a form you will create two privileges (or include the form in existing ones):

- PrivilegeEndingWithMaintain  = Delete access

- PrivilegeEndingWithView = Read access.

Also the Duties have this pattern. Within the roles you can then select the Maintain or View access.

Good luck!

kind regards,

André Arnaud de Calavon  |  Microsoft Dynamics AX Solution architect  |  My blog  |  My company

This post is my own opinion and does not necessarily reflect the opinion or view of my company, Microsoft, both its employees, or other MVPs.

Reply