411
I have an issue on one of my environments with coded security sub roles. The sub roles appear on the security configuration screen but not on the user role assignation screen. We tried to run a db sync on the environment, although successful, it did not resolve our issue.
Hello Everyone,
I resolved the issue thanks to all your input :). When restoring the databases, we do a backup of the original sysuserrole table so as to restore it later on. There was a missing reference and that's why the security objects were not synchronizing. Funny that we were able to do that despite the FK constraints. Anyway, big thanks to all of you.
Ashwin
Create a duplicate of the unpublished role and then delete the old one.
You are probably running into issues because you have been modifying and creating roles in the UI and also referenced these through code. It is not an approach I would recommend.
Hello,
We did a full restore from production to training, so the data on training environment should be aligned with production.
Ashwin
Hello Ashwin,
One question. Was there some role or subrole created by hand in training environment? It seems that you have codec role/subrole and manually created role/subrole that have same value. So when you run sync, application tries to add row from app to DB, and failed. This table do not allow duplicates. You may try delete (not publish) this role and run sunc without it. Then recreate it manually, if will not be synced from DB. Recreation gives it new value.
Marek
Try to publish objects ,
as I see in your screenshot , there are 30 objects need to publish
Hello Everyone,
Thank you for your insight.
The issue on this environment (training) appeared when we restored the production database on it. The code is aligned on both environments (same build version). However, our functional guys have created a lot of roles in front-end in production. I was able to publish all roles except one. When I try to publish this role, I get the following message :
Same thing happens when I try to synchronize security objects from the application. Not sure what to do next. I have checked the AOS events and I came accross the following message :
| - | EventData |
| exceptionMessage | Cannot insert duplicate key row in object 'dbo.SECURITYROLEEXPLODEDGRAPH' with unique index 'I_65485ROLESUBROLEIDX'. The duplicate key value is (680, 680). The statement has been terminated. |
| exceptionSource | .Net SqlClient Data Provider |
| exceptionStackTrace | at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlBulkCopy.RunParser(BulkCopySimpleResultSet bulkCopyHandler) at System.Data.SqlClient.SqlBulkCopy.CopyBatchesAsyncContinuedOnSuccess(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source) at System.Data.SqlClient.SqlBulkCopy.CopyBatchesAsyncContinued(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source) at System.Data.SqlClient.SqlBulkCopy.CopyBatchesAsync(BulkCopySimpleResultSet internalResults, String updateBulkCommandText, CancellationToken cts, TaskCompletionSource`1 source) at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestContinuedAsync(BulkCopySimpleResultSet internalResults, CancellationToken cts, TaskCompletionSource`1 source) at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source) at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalAsync(CancellationToken ctoken) at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServerAsync(Int32 columnCount, CancellationToken ctoken) at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState) at Microsoft.Dynamics.AX.Security.Management.RoleExplodedGraphSync.BulkInsert(Func`1 getDatabaseContext, Boolean canLockTable, IEnumerable`1 roleFlattenedInfoEnumerable, Boolean isFullSync, Dictionary`2 roleRecidMap, Int64 maxRecid) at Microsoft.Dynamics.AX.Security.Management.RoleExplodedGraphSync.Run(Func`1 getDatabaseContext, Boolean canLockTable, IEnumerable`1 roleFlattenedInfoEnumerable, Dictionary`2 roleRecidMap, Int64 maxRecid) at Microsoft.Dynamics.AX.Security.Management.TablePublisher.PublishOptimizationTables(SecurityRepository securityRepository, Func`1 databaseContextFunc, Boolean canLockTable, Dictionary`2 roleRecidMap, Dictionary`2 dutyRecidMap, Dictionary`2 privilegeRecidMap, PermissionGraph permissionGraph) at Microsoft.Dynamics.AX.Security.Management.TablePublisher.Run(Func`1 databaseContextFunc, Boolean canLockTable, ObjectEventRecorder eventRecorder, SecurityRepository securityRepository, SecurityIdentifiersSetsStatesBag identifierSetStates, Boolean autoIncludeMissingDependencies, SecurityIdentifiersBag& missingDependencies, HashSet`1 rolesToRecalculate) at Microsoft.Dynamics.AX.Security.Management.PublishManager.PublishChanges(SecurityIdentifiersSetsStatesBag setStatesBag, Boolean autoIncludeMissingDependencies, SecurityIdentifiersBag& missingDependencies) at Microsoft.Dynamics.AX.Security.Management.UI.PublishService.PublishForceAll() at Dynamics.AX.Application.SysSecPublishService.`PublishForceAll() in xppSource://Source/ApplicationFoundation\AxClass_SysSecPublishService.xpp:line 153 |
@NikolajS: Thanks for pointing me to the screenshot. It was very small on my mobile device. Now it is clear on my laptop.
@Ashwin: The tab Unpublished objects contains 30 elements. Like NikolajS mentioned, try publishing these objects first. Note that the security configuration is a work document form. If you have unpublished objects, it will not show the security objects as currently active.
Hi André.
If you look at Ashwins screenshot you will see that the security role assigned to the user does not contain any subroles, if you have a look at the system user role in his screenshot it is indicated that this security has subroles.
This indicates that the custom security role does not contain the subroles assigned, my best guess would still be that he needs to publish the changes and some modifications have been done to the roles. Maybe the subroles have been done as customization while the link in the parent role is coded, and they have forgotten to publish the subroles. It seems like a strange approach, but could be the reason.
Hi Ashwin,
If the security role has sub-roles, you can only see the security role on the user assignment. The contents of the role with duties, privileges and also sub roles are not visible, but working. It is not like that the sub roles will also be assigned automatically as separate roles.
Have you tried publishing the security objects in your environment?
If that does not help I would also assume that you have perhaps referenced a security role which does not exist.
#1
André Arnaud de Cal...
291,904
Super User 2024 Season 2
#2
Martin Dráb
230,605
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (
