Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics AX (Archived)

Form editable even though only view rights are given

(0) ShareShare
ReportReport
Posted on by Microsoft Employee

Hi

I've got a really weird issue with security on the table smmActivities.

To investigate, I made 1 role with just 1 privilege with 1 READ access entry point.

Thus 1 role, 1 priv, 1 menu display item (read), 1 form (smmActivities).

The security tool shows me the role has view access on smmActivities.

The "security add-in" shows me that the role has view access on smmActivities.

However, when i test this (using a security test workspace OR a completely new user with only this role) i am able to edit and even delete records.

This seems absurd: is this functionality hardcoded in AX or something?

*This post is locked for comments

  • Suggested answer
    guk1964 Profile Picture
    guk1964 10,877 on at
    RE: Form editable even though only view rights are given

    Not sure whether this is the issue you have ..........

    To restrict access to a field group it is enough just to set its NeededPermission property, to Manual and then to provide your users with a special privilege on this form control.

    However, when it comes to a grid, it is not enough: you also need to change the same property and the needed permission on all included fields or, also the display methods.

    for background info msdn.microsoft.com/.../gg879980.aspx

  • Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at
    RE: Form editable even though only view rights are given

    No, it should not. Security is stronger, you can only get around it with the unchecked() keyword in code, or doing a runAs().

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Form editable even though only view rights are given

    Long shot, but i'm seeing a lot of allowEdit() and allowCreate() code in the code of this form.

    I hope the allowEdit does not override the permissions granted by the security framework?

  • Suggested answer
    Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at
    RE: Form editable even though only view rights are given

    Try flushing/priming the security role cache once you have stopped your AX AOS instance with the AXUtil as explained here:

    [View:https://blogs.msdn.microsoft.com/axsupport/2014/05/08/ax-user-sessions-hanging-following-changes-to-security/:750:50]

    Also drop the usage data for the form element in SysLastValue.

    You do not have to use separate users, you could just add the role to your admin account and revoke admin access temporarily for a newly opened workspace:

    static void WIK_RunAsUser(Args _args)
    {
        SecurityUtil::sysAdminMode(false);
        //SecurityUtil::flushAll();
        infolog.createWorkspaceWindow();
    }


Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Verified Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,391 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,445 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans