Removing a role to all or multiple users using X++ Code [Dynamics AX 2012]

Below is the code snippet to remove a role to all or multiple users using X++ Code. In the below code, I have tried removing System administrator role to all the users except Admin and me. Please test the code before running it in any environments.

static void AV_RemoveRoleAccessToUsers(Args _args)

{

SecurityRole        role;

SecurityUserRole    userRole;

UserInfo            userInfo;

 

void removeFromSelectedUser(UserId  _userId, RecId  _recId)

{

fieldName                           userId;

SysSecTreeRoles                     roleTree;

SecurityUserRole                    securityUserRole;

OMUserRoleOrganization              org;

SecurityUserRoleCondition           condition;

SecuritySegregationOfDutiesConflict conflict;

RecId                               recId;

 

userId  = _userId;

recId   = _recId;

 

ttsbegin;

 

delete_from condition

exists join securityUserRole

where condition.SecurityUserRole == securityUserRole.RecId && securityUserRole.User == userId && securityUserRole.SecurityRole == recId;

 

//<GEEEE>

while select OMInternalOrganization, SecurityRole from org where org.User == userId && org.SecurityRole == recid

{

EePersonalDataAccessLogging::logUserRoleChange(org.SecurityRole, org.omInternalOrganization, userid, AddRemove::Remove);

}

//</GEEEE>

 

delete_from org where org.User == userId && org.SecurityRole == recId;

 

delete_from conflict where conflict.User == userId && ((conflict.ExistingRole == recId) || (conflict.NewRole == recId));

 

//<GEEEE>

EePersonalDataAccessLogging::logUserRoleChange(recId, 0, userId, AddRemove::Remove);

//</GEEEE>

 

delete_from securityUserRole where securityUserRole.User == userId && securityUserRole.SecurityRole == recId;

 

ttscommit;

 

}

 

select role where role.Name == “System administrator”; // provide the role name to remove here

while select userInfo where (userInfo.id != ‘Admin’

&& userInfo.id != ‘sgirigari’) // ensure that you have admin role to run this job

{

removeFromSelectedUser(userInfo.id, role.RecId);

}

info(“Removal process of role is complete.”);

}

Please be careful in the above while select statement as you need to ensure that the job that is run by a developer should be added in the where clause (userInfo.Id != “Sgirigari”)to ensure that the job runs successfully as we are removing the System Administrator role. For any other role, you can ignore this where clause.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s