AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX: За рубежом > DAX in English
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 26.03.2009, 19:55   #1  
em# is offline
em#
Участник
 
9 / 11 (1) +
Регистрация: 29.05.2008
Setting security for temporary tables without modifying the application
Hi!

Temporary tables are not shown in the security tree for assigning permissions, so it's not possible to enable them for users.
In order to make possible to set permissions to a temporary table I modified the SysDictTable class.

boolean allowSecuritySetup()
{
if (//this.isTmp()|| //Temporarily commented in order to show Temp tables in the Tree

this.isMap() ||
this.isView() ||
!this.securityKeyId() || //If not, the table rights cannot be calculated if the user is a member of >1 group
(this.configurationKeyId() && !isConfigurationkeyEnabled(this.configurationKeyId())))
return false;
return true;
}


My question is if there is a way to enable permissions for Temp tables without modifying the application.

Thank you.
Старый 27.03.2009, 10:18   #2  
gl00mie is offline
gl00mie
Участник
MCBMSS
Most Valuable Professional
Лучший по профессии 2017
Лучший по профессии 2015
Лучший по профессии 2014
Лучший по профессии AXAWARD 2013
Лучший по профессии 2011
Лучший по профессии 2009
 
3,684 / 5798 (201) ++++++++++
Регистрация: 28.11.2005
Адрес: Москва
Записей в блоге: 3
Цитата:
Сообщение от em# Посмотреть сообщение
My question is if there is a way to enable permissions for Temp tables without modifying the application.
What's the purpose of setting permissions on temporary tables? They're always populated by code, and the originating data is usually taken from "real" tables or somehow produced by the code, so you can always perform an access validation in your code:
X++:
if (isTableUserEnabled( tablenum(CustTable) ))
{
    // populate temp table
}
else
{
    throw error( "@SYS60037" ); // Access denied
}
Besides, you never know where this or that temp table can be used. If an arbitrary temp table has a suitable set of fields then it's sometimes preferable to use it in your custom form/report then to create a new temp table. E.g. lots of standard reports in the localization for Eastern Europe use just a couple of temporary tables - both in Accounts Payable and Accounts Receivable modules. Obviously in this case it's more flexible and robust to validate access by security keys on menu items.
Старый 27.03.2009, 11:20   #3  
Ivanhoe is offline
Ivanhoe
Участник
Аватар для Ivanhoe
Лучший по профессии 2017
Лучший по профессии 2015
Лучший по профессии 2014
Лучший по профессии AXAWARD 2013
Лучший по профессии 2011
 
4,143 / 2156 (80) +++++++++
Регистрация: 29.09.2005
Адрес: Санкт-Петербург
You can set access for security key, all tmp-tables attached to that security key will automatically gain the same access level.
__________________
Ivanhoe as is..
Старый 27.03.2009, 11:55   #4  
oip is offline
oip
Axapta
Лучший по профессии 2014
 
2,564 / 1416 (53) ++++++++
Регистрация: 28.11.2005
Записей в блоге: 1
I can't even imagine why you need to make temp tables inaccessible for users. Could you please explain this to us? It's very interesting. As gl00mie said, temp tables are always used by programmers only to collect data (say from real tables and in this case it's correctly to set permissions to that real tables or to a menuItem that executes an operation filling your temp table). From this point of view temp tables are very similar to maps, arrays, recordSortedLists or even containers etc. So again, it's only a way to collect data.
Старый 27.03.2009, 12:59   #5  
em# is offline
em#
Участник
 
9 / 11 (1) +
Регистрация: 29.05.2008
Thanks All for the reply.

The table we want to allow permissions - tmpInventTransWMS - has a Security key on SYS layer.

The error below can be reproduced in Purchase orders screen, by selecting a purchase line, click Inventory button-> Registration.

“Not enough rights to use table 'Registration/picking' (TmpInventTransWMS).”

So, what security setup needs to be done for a particular user group to avoid this error? If temp tables have Security keys on SYS layer it is possible that there’s a way to manage them?

We can enable access to the temp table by setting access for the Security key the table is attached (in particularly for InventTables key), but it will enable some extra permissions to the user group.

Once again, thanks for help.
Старый 27.03.2009, 13:50   #6  
gl00mie is offline
gl00mie
Участник
MCBMSS
Most Valuable Professional
Лучший по профессии 2017
Лучший по профессии 2015
Лучший по профессии 2014
Лучший по профессии AXAWARD 2013
Лучший по профессии 2011
Лучший по профессии 2009
 
3,684 / 5798 (201) ++++++++++
Регистрация: 28.11.2005
Адрес: Москва
Записей в блоге: 3
Цитата:
Сообщение от em# Посмотреть сообщение
The table we want to allow permissions - tmpInventTransWMS - has a Security key on SYS layer. So, what security setup needs to be done for a particular user group to avoid this error? If temp tables have Security keys on SYS layer it is possible that there’s a way to manage them?
You can modify the table and clear its SecurityKey property. Or as you've mentioned you can enable access to the corresponding SecurityKey and disable access to other affected "persistent" tables on a per-table basis.
Цитата:
Сообщение от em# Посмотреть сообщение
We can enable access to the temp table by setting access for the Security key the table is attached (in particularly for InventTables key), but it will enable some extra permissions to the user group.
Build CrossReferencies and look where a particular security key is used. As to the InventTables key, it seems that the only extra permission it gives (that cannot be disabled) is access to some other temporary tables from Invent and WMS modules. Also note that if a table has a ConfigKey attached and that ConfigKey is disabled then the table also becomes temporary despite its Temporary property value.

PS. Here's a sample job to find other temporary tables with SecurityKey set
X++:
Dictionary      dict = new Dictionary();
DictTable       dictTbl;
Counter         n;
;
for (n = 1; n <= dict.tableCnt(); n++)
{
    dictTbl = new DictTable( dict.tableCnt2Id( n ) );
    if (dictTbl && dictTbl.isTmp() && dictTbl.securityKeyId())
    {
        if (dictTbl.configurationKeyId() && !isConfigurationKeyEnabled( dictTbl.configurationKeyId() ))
            continue;                       // table is temporarty 'coz the corresponding configKey is disabled
        info( strfmt( @"Temporary table %1 has securityKey: %2", dictTbl.name(), securitykeyid2name( dictTbl.securityKeyId() ) ) );
    }
}
Старый 27.03.2009, 14:00   #7  
oip is offline
oip
Axapta
Лучший по профессии 2014
 
2,564 / 1416 (53) ++++++++
Регистрация: 28.11.2005
Записей в блоге: 1
Цитата:
Сообщение от em# Посмотреть сообщение
So, what security setup needs to be done for a particular user group to avoid this error?
Invent -> InventTables. I mean InventTables "group" itself without tables included in this group. The only table which securityKey has to be set to open InventTransRegister form is InventTrans. All other tables may be "turned off". And this will be a correct setup.
Старый 27.03.2009, 18:44   #8  
em# is offline
em#
Участник
 
9 / 11 (1) +
Регистрация: 29.05.2008
I set view rights to InventTables node, without tables and full access control to InventTrans table. The Registration form can be opened now.

Thank you all for the help.
За это сообщение автора поблагодарили: oip (1).
Старый 27.03.2009, 19:42   #9  
oip is offline
oip
Axapta
Лучший по профессии 2014
 
2,564 / 1416 (53) ++++++++
Регистрация: 28.11.2005
Записей в блоге: 1
Yes, when you make your security setup since it's a temporary table it isn't shown in the list of tables in the "tables node" . So in order to get access to your temp table it is enough to set any rights to the node InventTables.

PS If any of the answers above helped you we have a button "Thanks" just below every post. Welcome to AxForum!
За это сообщение автора поблагодарили: em# (1).
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
kamalblogs: Setting default object owner as Object creator in Window server 2008 for AIF in Dynamics Ax Blog bot DAX Blogs 1 04.08.2010 14:24
emeadaxsupport: Group policy setting "System Objects: Default owner for objects created by members of the administrators group" is missing on Windows Server 2008 Blog bot DAX Blogs 2 28.08.2009 02:14
gatesasbait: AP Posting fails because of security setup in Dynamics Ax 4 Blog bot DAX Blogs 0 03.02.2009 02:07
Inside Dynamics AX 4.0: Security Coding Blog bot DAX Blogs 0 31.10.2007 23:40
Inside Dynamics AX 4.0: The Security Framework Blog bot DAX Blogs 0 31.10.2007 11:40

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 21:25.