пользуюсь следующим методом. единственное, что админы не проходят данную проверку
X++:
static boolean hasAccessToPrivilege(SecurityTaskAotName _privilegeName, UserID _userId = curUserId())
{
UserInfo userInfo;
SecurityUserRole securityUserRole;
SecurityRoleTaskGrant srtGrant;
securityRoleExplodedGraph securityRoleExplodedGraph;
securityTaskExplodedGraph securityTaskExplodedGraph;
SecurityTask securityTask;
select firstOnly RecId from securityTask
where securityTask.AotName == _privilegeName;
if (securityTask.RecId)
{
select RecId from userInfo
where userInfo.Enable && userInfo.id == _userId
exists join securityUserRole
where securityUserRole.User == userInfo.Id &&
securityUserRole.AssignmentStatus == RoleAssignmentStatus::Enabled
exists join securityRoleExplodedGraph
where securityUserRole.SecurityRole == securityRoleExplodedGraph.SecurityRole
exists join srtGrant
where srtGrant.SecurityRole == securityRoleExplodedGraph.SecuritySubRole
exists join securityTaskExplodedGraph
where securityTaskExplodedGraph.SecurityTask == srtGrant.SecurityTask &&
securityTaskExplodedGraph.SecuritySubTask == securityTask.RecId;
}
return userInfo.RecId != 0;
}