Notifications
Announcements
No record found.
Hello,
On Dynamics AX 2009 - How can I ad-hoc bypass permission for a the current user, and eventually run some code that ignores the user permissions.
Thanks :)
*This post is locked for comments
Most user permission checks are not run for actions invoked directly from code, so you typically don't need to do anything.
There are some special cases, though - AOS authorization and MaxAccessMode. skipAOSValidation() method and unchecked keyword can help with that, but use them with care.
When using unchecked(Uncheck::TableSecurityPermission) { ...
Still - there is no affect (there is no bypass of table user permission).
When I am using <tablename>.skipAosValidation I am getting the following error:
Request for the permission of type 'SkipAOSValidationPermission' failed.
(S)\Classes\SkipAOSValidationPermission\demand
(S)\Classes\xRecord\skipAosValidation
The documentation of skipAOSValidation() clearly says:
If an attacker can control input to the skipAosValidation method, a security risk exists. Therefore, this method runs under Code Access Security. Calls to this method on the server require permission from the SkipAOSValidationPermission Class.
Doesn't that answer what you did wrong when calling skipAOSValidation()? Reading documentation and using search engines are important skills for today's developers.
If unchecked doesn't work, you're probably applying that to a wrong problem. If you tell us what's the problem, maybe we'll be able to provide a solution.
The table is userinfo.
The method run on server.
What is not working, is not that I get a message, but just userinfo returns no record (while I am doing select with).
Here is some code :
public static server void test(EmplId _emplId) {
UserInfo userInfo;
SysCompanyUserInfo sysCompanyUserInfo;
;
new SkipAOSValidationPermission().assert();
UserInfo.skipAosValidation(true);
sysCompanyUserInfo.skipAosValidation(true);
select firstonly UserId
from sysCompanyUserInfo index EmplIdIdx where sysCompanyUserInfo.EmplId == _emplId;
select UserInfo
where UserInfo.Id == sysCompanyUserInfo.UserId;
info("rec:" + int642str(sysCompanyUserInfo.RecId) + ".user:" + sysCompanyUserInfo.UserId);
info("rec2:" + int642str(userInfo.RecId));
UserInfo.skipAosValidation(false);
sysCompanyUserInfo.skipAosValidation(false);
CodeAccessPermission::revertAssert();
}
info("rec 2:" ... returns record = 0).
When I am trying the with user that has the permission, rec 2 returns record > 0.
What is wrong with the code?
You're solving a wrong problem - the code returns data for me (for a user without any groups) and I don't need to bother with any AOS authorization. (UserInfo has AOS validation for Create and Delete, not for Read.)
You have probably probably some kind of data issue there.
For some unknown reason, also it work for me, if I do something like:
UserId userId;
boolean userIdOk;
userId = sysCompanyUserInfo::emplId2UserId(_emplId);
while select userInfo {
if (UserInfo.id == userId) {
userIdOk = true;
break;
(I didn't write the extra code for permission: skipAosValidation etc ... and the above worked).
when I wrote :
where UserInfo.Id == sysCompanyUserInfo::emplId2UserId(_emplId);
No record found (only for a specific user permission, since I tried and copied the permission to my own user temporarily and it didn't work either),
no matter whether I add skipAosValidation or didn't.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
As AI tools become more common, we’re introducing a Responsible AI Use…
We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Martin Dráb 4 Most Valuable Professional
Priya_K 4
MyDynamicsNAV 2
