Security
From Axaptapedia
Some info about security system in Ax
Record Level Security -- allows to provide users access to only records they need
[edit] how to copy user groups
Task: copy groups with names DGP_xxxx to groups with names DMS_xxxx and restrict access of new groups to some menu items
static void SYS_CopyUserGroup(Args _args) { UserGroupInfo userGroup; UserGroup groupID; str domain = 'cnt'; int i; // source groups container groups=[ 'DGP_Office', 'DGP_OffAg', 'DGP_Expert', 'DGP_Main', 'DGP_Inspec', 'DGP_Agent', 'DGP_View', 'DGP_Anal' ]; // menu items, to restrict access container menuItems = [ [menuItemDisplayStr(ASP_AgentDemoList), AccessRecordType::MenuItemDisplay], [menuItemDisplayStr(ASP_Agent), AccessRecordType::MenuItemDisplay], [menuItemDisplayStr(ASP_CreateOnBasis), AccessRecordType::MenuItemDisplay] ]; void disableMenuItems(SecurityKeySet _securitySet) { str name; AccessRecordType recordType; int idx; AccessType accessType; for (idx = 1; idx <= conLen(menuItems); idx++) { [name, recordType] = conpeek(menuItems, idx); accessType = _securitySet.menuItemAccess(name, recordType); if (accessType!= AccessType::NoAccess) { info(strFmt('%1:%2, %3', name, recordType, accessType)); _securitySet.menuItemAccess(name, recordType, AccessType::NoAccess); } } } void processGroup(UserGroupInfo _group) { UserGroupInfo localGroup; SecurityKeySet securitySet = SysSecurity::constructSecurityKeySet(); ; setPrefix(_group.caption()); // make a new ID localGroup.Id = strReplace(_group.Id, 'DGP_', 'DMS_'); info(localGroup.Id); // make a new name localGroup.name = _group.name + ' (some suffix)'; localGroup.insert(); securitySet.loadGroupRights(_group.Id, domain); disableMenuItems(securitySet); xAccessRightsList::saveSecurityRights(securitySet.pack(), localGroup.Id, domain); } ; setPrefix("Copy groups"); for (i=1; i<=conLen(groups); i++) { groupID = conPeek(groups, i); select userGroup where userGroup.Id == groupID; if (userGroup) processGroup(userGroup); else warning('!found'); } info('ok'); }
