Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics AX forum
Suggested answer

Cannot view All customers for non-System Administrator role

Posted on by 285

we are using customized security roles based on Internal Audit requirement. We just noticed that "Not All" customers were available on AR > Common > Customers > All customers.

Is there a specific Security Role/Privilege/Duties that I need to include so they may able to view these accounts?

  • Suggested answer
    André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 287,696 Super User on at
    RE: Cannot view All customers for non-System Administrator role

    Hi M P,

    In your environment, a Global address book feature might be enabled: docs.microsoft.com/.../about-security-in-the-global-address-book

    This can indeed limit the number of customers and it is based on the XDS policies.

    So, check if GAB security is enabled. In that case, the user will only see customers which are part of his address book (assigned via teams) and all customers without an address book tag.

    In addition, there are some public sector roles which do have a security policy enabled which could also be the case. However, I thought this was only restricting vendors; not sure about the customers.

  • M P Profile Picture
    M P 285 on at
    RE: Cannot view All customers for non-System Administrator role

    We just raised a case to Microsoft and will share whatever findings that they see.

  • Suggested answer
    nmaenpaa Profile Picture
    nmaenpaa 101,148 on at
    RE: Cannot view All customers for non-System Administrator role

    Yes, if the user is System admin, security is bypassed so that's why you see the difference when the client is opened.

    But since you see different results in All customers form, it means that the query for All customers form must be different for these two users. And it would be interesting to see that query. Were you able to collect trace of that process? You say that the only difference that you spotted was the one that you already shared, which is not related to opening of All customers form.

    But just in case you missed something when you compared the traces of All customers form, could you share the queries for Admin and non-admin, when they opened All customers form? Perhaps we can spot something that you missed.

  • M P Profile Picture
    M P 285 on at
    RE: Cannot view All customers for non-System Administrator role

    the trace log looks the same, just had an additional line pertaining to MyRoles. When I check the XDS method, it is pertaining to checking if the role is SysAdmin

    Call stack:

    (S)\Classes\xRecord\insert

    (S)\Data Dictionary\Tables\MyRoles\Methods\PopulateRolesForNonAdminUser - line 26

    (S)\Data Dictionary\Tables\MyRoles\Methods\XDS - line 17

    (S)\Classes\SysQueryRangeUtil\currentRoleHasAccessToPrivate - line 28

    (S)<runtime compiled code>\anytype wrapper(){ return SysQueryRangeUtil::currentRoleHasAccessToPrivate(); }

  • Suggested answer
    nmaenpaa Profile Picture
    nmaenpaa 101,148 on at
    RE: Cannot view All customers for non-System Administrator role

    So are you saying that when the users open All customers form, the trace is exactly the same for System administrator and non-admin user? If yes, then the query is exactly the same and then they both will see all customers.

  • M P Profile Picture
    M P 285 on at
    RE: Cannot view All customers for non-System Administrator role

    I only show the difference between SysAdmin role and the other.

  • nmaenpaa Profile Picture
    nmaenpaa 101,148 on at
    RE: Cannot view All customers for non-System Administrator role

    The trace above seems to be related to opening AX client, not the customers form, so it looks to me that it doesn't contain explanation for your situation.

  • M P Profile Picture
    M P 285 on at
    RE: Cannot view All customers for non-System Administrator role

    Did a trace and perform same steps just to capture the log for both the default System Administrators and Locally Customized Role and found difference. Is there anyway to bypass this part?

    SQL statement: SELECT T1.ID,T1.NAME,T1.ENABLE,T1.DEL_STARTUPMENU,T1.STATUSLINEINFO,T1.TOOLBARINFO,T1.DEBUGINFO,T1.AUTOINFO,T1.AUTOUPDATE,T1.GARBAGECOLLECTLIMIT,T1.HISTORYLIMIT,T1.MESSAGELIMIT,T1.GENERALINFO,T1.SHOWSTATUSLINE,T1.SHOWTOOLBAR,T1.DEBUGGERPOPUP,T1.SHOWAOTLAYER,T1.DEL_PASSWORD,T1.DEL_OSACCOUNTNAME,T1.STARTUPPROJECT,T1.CONFIRMDELETE,T1.CONFIRMUPDATE,T1.REPORTFONTNAME,T1.REPORTFONTSIZE,T1.FORMFONTNAME,T1.FORMFONTSIZE,T1.PROPERTYFONTNAME,T1.PROPERTYFONTSIZE,T1.INFOLOGLEVEL,T1.COMPANY,T1.AUTOLOGOFF,T1.QUERYTIMELIMIT,T1.TRACEINFO,T1.REPORTTOPMARGIN,T1.REPORTBOTTOMMARGIN,T1.REPORTLEFTMARGIN,T1.REPORTRIGHTMARGIN,T1.COMPILERWARNINGLEVEL,T1.SID,T1.NETWORKDOMAIN,T1.NETWORKALIAS,T1.ENABLEDONCE,T1.EXTERNALUSER,T1.LANGUAGE,T1.HELPLANGUAGE,T1.PREFERREDTIMEZONE,T1.PREFERREDCALENDAR,T1.HOMEPAGEREFRESHDURATION,T1.NOTIFYTIMEZONEMISMATCH,T1.FILTERBYGRIDONBYDEFAULT,T1.GLOBALFORMOPENMODE,T1.DEL_DEFAULTMODELID,T1.SHOWMODELNAMEINAOT,T1.ACCOUNTTYPE,T1.ISSUERRECID,T1.CREDENTIALRECID,T1.GLOBALLISTPAGELINKMODE,T1.GLOBALEXCELEXPORTMODE,T1.GLOBALEXCELEXPORTLOCATION,T1.CLIENTACCESSLOGLEVEL,T1.DEFAULTPARTITION,T1.GLOBALEXCELEXPORTFILEPATH,T1.RECVERSION,T1.PARTITION,T1.RECID FROM USERINFO T1 WHERE ((PARTITION=xxxxxx) AND (ID=?)) [ID=xxxxx, Reused=Yes]

    Call stack:

    (S)\Classes\xAxaptaUserManager\GetRolesForUser

    (S)\Data Dictionary\Tables\MyRoles\Methods\PopulateRolesForNonAdminUser - line 15

    (S)\Data Dictionary\Tables\MyRoles\Methods\XDS - line 17

    (S)\Classes\SysQueryRangeUtil\currentRoleHasAccessToPrivate - line 28

    (S)<runtime compiled code>\anytype wrapper(){ return SysQueryRangeUtil::currentRoleHasAccessToPrivate(); }

    Database: Microsoft SQL Server

    SQL statement: SELECT T1.RECID,T1.AOTNAME FROM [XXXX_model].[dbo].SECURITYROLE T1 WHERE (RECID=?) [ID=2, Reused=No]

    Call stack:

    (S)\Data Dictionary\Tables\MyRoles\Methods\PopulateRolesForNonAdminUser - line 23

    (S)\Data Dictionary\Tables\MyRoles\Methods\XDS - line 17

    (S)\Classes\SysQueryRangeUtil\currentRoleHasAccessToPrivate - line 28

    (S)<runtime compiled code>\anytype wrapper(){ return SysQueryRangeUtil::currentRoleHasAccessToPrivate(); }

  • Suggested answer
    nmaenpaa Profile Picture
    nmaenpaa 101,148 on at
    RE: Cannot view All customers for non-System Administrator role

    You say that there's no data related security setup. I still doubt that, but let's assume that it's correct.

    Perhaps you have some customization that hides some customers for non-admins?

    One thing that can help you find the explanation is to capture trace when you open All customers form with non-admin role, and see what kind of SQL statement is executed when the form is opened. Tracing is only possible for administrators so you need one admin user capturing the trace and another user opening the Customers form. Once you have the trace, you can analyze it with Trace parser. Before asking more about Trace parser, please try to find the official documentation and many blog that should provide sufficient information to use it :)

  • M P Profile Picture
    M P 285 on at
    RE: Cannot view All customers for non-System Administrator role

    Tried other roles and it seems only the default System Administrator role can access the All Customer records. Any other suggestions that I need to check?

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 287,696 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 225,490 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans