web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Cross company query an...
Microsoft Dynamics AX (Archived)

Cross company query and troubles of using it for reports. Request suggestion for any better approach

(0) ShareShare
ReportReport
Posted on by venkatesh vadlamani 3,180

Hi ,

I faced a strange issue with SysQuery Form when cross company is enabled.

Consider these scenario, I have a user who is a finance manager in a legal entity say LE01. But he has access to Employee role in le01,Le02,Le03 . I have more than 20 Legal entities. Now with his role mapping to legal entities he shouldnot have more than Le01 data access for finance reports. Strange thing is that sysQueryForm doesnt validate the access to LE wrt to access to report. It allows me to select the le01,le02,le03   . Which is the first issue. If we select the Le02 , Le03 we are able to see this data in the report

The worst part of the issue is when i select Le01,Le02,Le03   select all will be enabled in the company range tab in the sysquery form . Now i will get the data not just related these 3 legal entities but remaining 17 legal entities are also rendered.

Now i had to create a new controller extending srsReportRunController and modify the prePromptModifyContract to get list of valid agencies that user has access to this report menu using (SecurityRole,SecurityRoleUser,SecurityRoleExplodedGraph,SecurityRoleTaskGrant,SecurityTaskExplodedGraph,SecurableObject, OmUserOrganizationRole tables)  , Validate in Pre-RunModifyContract agains this list for the list selected by the user

All this is done. I am able to filter the data based on the user access to entity.

The biggest challenge is in reports where the base tables are crossCompany this is causing the Ax32serv.exe process ie AOS to crash. I have checked using the trace parser and found that when ever and query.addcompanyRange('example1') is used it will add this example1 as range to DATAAREA table which is added by kernel . This range value is blowing out of proportions . I add a max of 20 values based on the role at any given instance. Now when these 20 are added to query, i am able to see in trace parser that more than 380 values are added to range. I validate the values in the  'IN'  statement list values that is generated , they repeat for 20 times or so. There is no real reason for this strange behavior that i could convince my self to restructure my code.

If you have a suggestion on what other ways i can achieve cross company ensuring that security access to data is still intact .

Regards

Venkatesh

*This post is locked for comments

I have the same question (0)
  • Tommy Skaue Profile Picture
    Tommy Skaue Moderator on at
    RE: Cross company query and troubles of using it for reports. Request suggestion for any better approach

    Never seen this before. Should be interesting to see where this leads. You should report the problem to Microsoft, and have them take a look. It might be a unintentional "feature" (aka bug). :-)

  • venkatesh vadlamani Profile Picture
    venkatesh vadlamani 3,180 on at
    RE: Cross company query and troubles of using it for reports. Request suggestion for any better approach

    Thank you for the response!

    When AOS crashed i had no words to express my disbelief. How can a service crash when a query is little complex. Can accept exception but not service crash

    My client has raised this up as a security violation with Microsoft.

    MS is supposed to come back with a hotfix.

    I have tried to debug the same but the company range for a AOT query is a container . It can be retrieved from query object. But couldnt find a place where this is initialized.The behavior is very random. The list of companies for selection in query tab comes from a tmp table initialized when query select button is triggered using the number of values the container for company ranges is initialized with . I have tried to pass the context of menuitem that triggered the report to this and was able to over ride with only the valid list . Code where this can be done is classes\SysQueryForm  . But the system is already in production so these kind of changes just cannot be entertained as the impact is very high.

    I have suggested to have a UI mutliselect drop down parameter, instead of query company selection. In the DP class of the report just get then list of valid company ID's, make the query cross company true dynamically and set the company range before the query run iterator is instantiated, But this need to be done on more than 30 reports.

    Finally ended up with using the approach mentioned in previous thread to secure the data till MS comes with a fix.

    Regards

    Venkatesh

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Tocauer Profile Picture

Martin Tocauer 4

#1
Community Member Profile Picture

Community Member 4

#3
Nayyar Siddiqi Profile Picture

Nayyar Siddiqi 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans