web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / How to Export Role,Dut...
Microsoft Dynamics AX (Archived)

How to Export Role,Duty and Privilege in AX 2012

(0) ShareShare
ReportReport
Posted on by ATMA-Jen 319

Hello,

I survey all WWW about AX 2012,  found the script in X++ can't work.

could have anyone had the code can share??

I found a script , but had a running error:

CommaTextIo object not initialised.

Stack trace

(C)\Jobs\AE_SecurityReport - line 95

line 95 is :commaTextIo.write('RoleName,AOTRoleName,Label,Description,MenuItemType,MenutItemName,MenuItemel,Duty,Privilege,Access Level');

could anyone can fix it??

Thanks in advance.

The script is:

from the webside: anithasantosh.wordpress.com/.../extract-security-objects-details-for-a-role

public void AE_SecurityReport()
{
#AOT
#File

SecurityRoleAOTName roleAOTName ;
SecurityRoleName roleName;
SecurityRole securityRole;


TreeNode treeNode;
TreeNode treeNodeDuty = infolog.findNode(@'\Security\Duties\');
TreeNode treeNodePriv = infolog.findNode(@'\Security\Privileges\');
TreeNode treeNodePrivNew;
TreeNode treeNodeDutyNew;
TreeNode treeNodeObj;
TreeNodeTraverser treenodeT;
TreeNode treeNodeRole;
TreeNode treeMenu;

Set setDuty ;
Set setPrivilege;
Set setMenuItem;

SetEnumerator setEnumerator ;

SysModelElement modelElement;
SysModelElementType modelElementType;

UtilElementName name;
TreeNodePath path;

str maintainlicenseType;
str viewlicenseType;
str menuLabelName;
str roleAccess;
str configurationKey;
//str commaTextIo;

String50 menuName;
String255 securityPrivilege, securityDuty, securityMenuPath;
String50 engLabel, frLabel, engDescription, frDescription;

Label objLabel = new Label();
CommaTextIo commaTextIo;
FileIOPermission permission;
FileName fileName;

container getPrivilegeDetails(
SecurityRoleAOTName _roleName, MenuItemName _menuItemName)
{
SecurityTaskEntryPoint secTaskEntryPoint;
SecurityRole secRole;
SecurityRoleTaskGrant secRoleTaskGrant;
SecurityEntryPointLink secEntryPointLink;
SecurableObject secObject;
SecurityTask secTask,secTaskDuty;
SecuritySubTask secSubTask;
String255 secPrivilege, secDuty;
container conPrivDuty, conSecDuty ,conAccess ;
container conSecPrivilege;

Select secRole where secRole.AotName == _roleName;
select secObject where secObject.Name == _menuItemName &&
(secObject.Type == SecurableType::MenuItemDisplay ||
secObject.Type == SecurableType::MenuItemAction ||
secObject.Type == SecurableType::MenuItemOutput);
select secEntryPointLink where secEntryPointLink.EntryPoint == secObject.RecId;

while select SecurityTask from secRoleTaskGrant
where secRoleTaskGrant.SecurityRole == secRole.RecId
join SecuritySubTask from secSubTask
where secSubTask.SecurityTask == secRoleTaskGrant.RecId
join AotName from secTask
where secTask.RecId == secSubTask.SecuritySubTask
&& secTask.Type == SecurityTaskType::Privilege
join AotName from secTaskDuty
where secTaskDuty.RecId == secSubTask.SecurityTask
&& secTaskDuty.Type == SecurityTaskType::Duty
join PermissionGroup from secTaskEntryPoint
where secTaskEntryPoint.EntryPoint == secEntryPointLink.RecId &&
secTaskEntryPoint.SecurityTask == secSubTask.SecuritySubTask
{
conSecPrivilege += secTask.AotName;
conSecDuty += secTaskDuty.AotName;
conAccess += enum2str(secTaskEntryPoint.PermissionGroup);
}
conPrivDuty = [conSecPrivilege, conSecDuty,conAccess];
return conPrivDuty;
}
;
permission = new FileIOPermission(fileName,#io_write);
permission.assert();
commaTextIo = new CommaTextIo(fileName,#io_write);
commaTextIo.write('RoleName,AOTRoleName,Label,Description,MenuItemType,MenutItemName,MenuItemel,Duty,Privilege,Access Level');

select Name,AotName from securityRole where securityRole.AotName == "Production Manager";

roleAOTName = securityRole.AotName;
treeNode = TreeNode::findNode(@'\Security\Roles\'+ roleAOTName).AOTfirstChild();
treeNodeRole = treeNode::findNode(@'\Security\Roles\'+ roleAOTName);

// Loop through the roles to get Duties
treenodeT = null;
setDuty = new Set(Types::String);
treenodeT = new TreeNodeTraverser(treeNode, false);
while(treenodeT.next())
{
setDuty.add(treenodeT.currentNode().AOTname());
}
setEnumerator = null;
setPrivilege = new Set(Types::String);
// Loop thru the duties to get privileges
setEnumerator = setDuty.getEnumerator();
while (setEnumerator.moveNext())
{
treeNodeDutyNew = treeNodeDuty.AOTfindChild(setEnumerator.current()).AOTfirstChild();
treenodeT = new TreeNodeTraverser(treeNodeDutyNew, false);
while(treenodeT.next())
{
setPrivilege.add(treenodeT.currentNode().AOTname());
}
}

// Loop thru the privileges to get Entry points
setEnumerator = null;
setMenuItem = new Set(Types::String);
setEnumerator = setPrivilege.getEnumerator();

while (setEnumerator.moveNext())
{
treeNodePrivNew = treeNodePriv.AOTfindChild(setEnumerator.current()).AOTfirstChild();
treenodeT = new TreeNodeTraverser(treeNodePrivNew, false);
while(treenodeT.next())
{
setMenuItem.add(treenodeT.currentNode().AOTname());
}
}

// loop thru the menu items to get the properties
setEnumerator = null;
setEnumerator = setMenuItem.getEnumerator();
while (setEnumerator.moveNext())
{
name = setEnumerator.current();
select firstOnly1 modelelement
where modelelement.Name == name
&& (modelelement.ElementType == enum2int(UtilElementType::OutputTool) ||
modelelement.ElementType == enum2int(UtilElementType::ActionTool) ||
modelelement.ElementType == enum2int(UtilElementType::DisplayTool));

switch (modelelement.ElementType)
{
case enum2int(UtilElementType::OutputTool) :
path = #MenuItemsOutputPath;
break;

case enum2int(UtilElementType::ActionTool) :
path = #MenuItemsActionPath;
break;

case enum2int(UtilElementType::DisplayTool) :
path = #MenuItemsDisplayPath;
break;

default :
path = '';
break;
}
if (path)
{
select modelElementType where modelelementtype.TreeNodeName == path;
treeNodeObj = infolog.findNode(path).AOTfindChild(name);
menuLabelName = treeNodeObj.AOTgetProperty('Label');
menuName = treeNodeObj.AOTgetProperty('Name');
engLabel = SysLabel::labelId2String(treeNodeRole.AOTgetProperty('Label'), 'en-us');
frLabel = SysLabel::labelId2String(treeNodeRole.AOTgetProperty('Label'), 'fr');
engDescription = SysLabel::labelId2String(treeNodeRole.AOTgetProperty('Description'), 'en-us');
frDescription = SysLabel::labelId2String(treeNodeRole.AOTgetProperty('Description'), 'Fr');

treeMenu = infolog.findNode(#MenusPath);
treenodeT = new TreeNodeTraverser(treeMenu, false);

securityMenuPath = ' ';
while(treenodeT.next())
{
if(treeNodeT.currentNode().AOTfindChild(SysLabel::labelId2String2(menuLabelName)))//objLabel.extractString(menuLabelName)))
{
securityMenuPath = treenodeT.currentNode().treeNodePath();
}
}
securityPrivilege = conPeek(getPrivilegeDetails(roleAOTName, menuName),1);
securityDuty = conPeek(getPrivilegeDetails(roleAOTName, menuName),2);
roleAccess = conPeek(getPrivilegeDetails(roleAOTName, menuName),3);
maintainlicenseType = treeNodeObj.AOTgetProperty('MaintainUserLicense');
viewlicenseType = treeNodeObj.AOTgetProperty('ViewUserLicense');
configurationkey = treeNodeObj.AOTgetProperty('ConfigurationKey');

commaTextIo.write(roleName,roleAOTName,engLabel, engDescription, modelElementType.Name, treeNodeObj.AOTname(), objLabel.extractString(menuLabelName), securityDuty, securityPrivilege, roleAccess);
}
CodeAccessPermission::revertAssert();
}
}

*This post is locked for comments

I have the same question (0)
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,069 Super User 2025 Season 2 on at

    Hi ATMA-Jen,

    My first thought is that it is failing due to a missing filename. The variable is not filled, so it probably does not create a commaTextIO object.

  • udaY-ch Profile Picture
    udaY-ch 5,133 on at

    Hi,

    Also do check the AOT name of the role which Product manager which should be ProdProductionManager.

    /Uday.

  • Suggested answer
    Rustem Galiamov Profile Picture
    Rustem Galiamov 8,072 on at

    Hi ATMA-Jen!

    Just to add to previous suggestions. You should set value of file path and name to fileName variable as fileName = "C:\\Test.csv". And, as Udhaya Chandran Rajendran mentioned, the Product manager role doesn't exists in AOT.

  • ATMA-Jen Profile Picture
    ATMA-Jen 319 on at

    Hello,

    I edit the code about filename and AOTname.

    but still get the error:

    CommaTextIo 对象 未初始化。

    堆栈跟踪

    (C)\Jobs\Jen_SecurityReport - line 94

    please help.

    Thanks.

    BR, Jen

    below is the code:

    90  fileName = "C:\\AXrole.csv";
    91  permission = new FileIOPermission(fileName,#io_write);
    92  permission.assert();
    93  commaTextIo = new CommaTextIo(fileName,#io_write);
    94  commaTextIo.write('RoleName,AOTRoleName,Label,Description,MenuItemType,MenutItemName,MenuItemel,Duty,Privilege,Access Level');

    95 select Name,AotName from securityRole where securityRole.AotName == "ProdProductionManager";

    96  roleAOTName = securityRole.AotName;

  • Rustem Galiamov Profile Picture
    Rustem Galiamov 8,072 on at

    Can you provide complete code please?

    And use </> in rich formatting to post your code.

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 301,069 Super User 2025 Season 2 on at

    Hi ATMA-Yen,

    Make sure you are not trying to store a file in the root of the C-drive. Use e.g. a temp directory (make sure the directory name you want to use does exist)

    E.g:

    fileName =  "C:\\Temp\\AXrole.csv";

  • Suggested answer
    feelyd Profile Picture
    feelyd 260 on at

    Hi ATMA-Jen

    I was asked for this recently as well, users, roles, priviledges etc

    I found it easier to export the data using a sql script

    If you have access to the database, this script should work for you.

    Declan

    SELECT secRole.AOTNAME [Role_Name]--, secRoleExplode.SECURITYROLE,
    ,secRole2.AOTNAME [Subrole_Name]--, secRoleExplode.SECURITYSUBROLE,
    ,secTask.AOTNAME [Task_name]--, secRoleTask.SECURITYTASK,
    ,secTask2.AOTNAME [Subtask_name]--, secTaskExplode.SECURITYSUBTASK,
    ,
    CASE
    WHEN secTask2.TYPE = 0 THEN 'Privilege'
    WHEN secTask2.TYPE = 1 THEN 'Duties'
    ELSE 'Other'
    END AS OBJECTTYPE , dbo.[PRIME_LABELS](secTask.DESCRIPTION) ' Description'
    FROM SECURITYROLE secRole
    join SECURITYROLEEXPLODEDGRAPH secRoleExplode
    ON secRole.RECID = secRoleExplode.SECURITYROLE
    JOIN SECURITYROLE secRole2
    ON secRoleExplode.SECURITYSUBROLE = secRole2.RECID
    JOIN SECURITYROLETASKGRANT secRoleTask
    ON secRoleExplode.SECURITYSUBROLE = secRoleTask.SECURITYROLE
    JOIN SECURITYTASK secTask
    ON secTask.RECID = secRoleTask.SECURITYTASK
    JOIN SECURITYTASKEXPLODEDGRAPH secTaskExplode
    ON secRoleTask.SECURITYTASK = secTaskExplode.SECURITYTASK
    JOIN SECURITYTASK secTask2
    ON secTaskExplode.SECURITYSUBTASK = secTask2.RECID

    ORDER BY secRole.AOTNAME, OBJECTTYPE, secRoleExplode.SECURITYSUBROLE

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans