Removing a role to all or multiple users using X++ Code [Dynamics AX 2012]

Below is the code snippet to remove a role to all or multiple users using X++ Code. In the below code, I have tried removing System administrator role to all the users except Admin and me. Please test the code before running it in any environments.

static void AV_RemoveRoleAccessToUsers(Args _args)


SecurityRole        role;

SecurityUserRole    userRole;

UserInfo            userInfo;


void removeFromSelectedUser(UserId  _userId, RecId  _recId)


fieldName                           userId;

SysSecTreeRoles                     roleTree;

SecurityUserRole                    securityUserRole;

OMUserRoleOrganization              org;

SecurityUserRoleCondition           condition;

SecuritySegregationOfDutiesConflict conflict;

RecId                               recId;


userId  = _userId;

recId   = _recId;




delete_from condition

exists join securityUserRole

where condition.SecurityUserRole == securityUserRole.RecId && securityUserRole.User == userId && securityUserRole.SecurityRole == recId;



while select OMInternalOrganization, SecurityRole from org where org.User == userId && org.SecurityRole == recid


EePersonalDataAccessLogging::logUserRoleChange(org.SecurityRole, org.omInternalOrganization, userid, AddRemove::Remove);




delete_from org where org.User == userId && org.SecurityRole == recId;


delete_from conflict where conflict.User == userId && ((conflict.ExistingRole == recId) || (conflict.NewRole == recId));



EePersonalDataAccessLogging::logUserRoleChange(recId, 0, userId, AddRemove::Remove);



delete_from securityUserRole where securityUserRole.User == userId && securityUserRole.SecurityRole == recId;






select role where role.Name == “System administrator”; // provide the role name to remove here

while select userInfo where ( != ‘Admin’

&& != ‘sgirigari’) // ensure that you have admin role to run this job


removeFromSelectedUser(, role.RecId);


info(“Removal process of role is complete.”);


Please be careful in the above while select statement as you need to ensure that the job that is run by a developer should be added in the where clause (userInfo.Id != “Sgirigari”)to ensure that the job runs successfully as we are removing the System Administrator role. For any other role, you can ignore this where clause.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s