AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 25.05.2011, 00:11   #1  
Blog bot is offline
Blog bot
Участник
 
25,643 / 848 (80) +++++++
Регистрация: 28.10.2006
emeadaxsupport: Record level security is not enforced in code or is it?
Источник: http://blogs.msdn.com/b/emeadaxsuppo...-or-is-it.aspx
==============

I recently came across an unusual behaviour of record level security, that I don’t think has been documented before, so I thought I would share it with you.

The situation here is that there is an employee with emplId=”RLS”, and there is a user group configured with record level security which will allow members to view every employee except “RLS”.Now a user which is a member of this group runs a report, and the fetch() method of the report looks like this:

public boolean fetch()
{
boolean ret = true;
EmplTable emplTable;
;
//emplTable.recordLevelSecurity(false);

select firstonly emplTable where emplTable.EmplId == 'RLS';

return ret;
}


What should be the result - Does the emplTable buffer get populated? Record level security (RLS) isn’t enforced in code, right? Wrong!

Whilst it is true most of the time that RLS isn’t enforced in code, there are a couple of exceptions to that rule: reportRun.fetch(), reportRun.send() and lookup() on form controls.

What happens in the AX kernel is that before the kernel triggers these methods it enables RLS for the whole current X++ stream and then disables it again when the method returns. This has the effect that any code in one of these methods, or any code called out to from one of these methods will have RLS enabled by default.

In the above code if we uncomment the line emplTable.recordLevelSecurity(false) then it will allow the buffer to bypass RLS and get populated successfully.

There are a couple of other noticeable quirks of this – if you print the value used from the emplTable.recordLevelSecurity() method it will show that RLS is not enabled for that buffer – this is because it is actually enabled at a higher level for the whole X++ stream and the buffer’s property isn’t directly set.

The other quirk is that if you enable tracing from the user options -> development tab -> database trace option then you’ll see that RLS is enabled for the calls made to tables in this scenario – this is correct as the tracing picks up whether RLS was actually used when accessing the table in the data layer of the kernel – and it was!

Moving forward in AX2012 this no longer applies – the security framework and reports are re-worked.

--author: Tariq Bell--editor: Tariq Bell--date: 24/05/2011


Источник: http://blogs.msdn.com/b/emeadaxsuppo...-or-is-it.aspx
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
За это сообщение автора поблагодарили: gl00mie (5).
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
emeadaxsupport: Debugging non-interactive X++ code in Dynamics AX 2009 when running on Windows Server 2008 Blog bot DAX Blogs 0 23.09.2009 13:05
emeadaxsupport: AxUpdatePortal.exe does not update Enterprise Portal when not running from an elevated command prompt Blog bot DAX Blogs 0 26.07.2009 15:07
Inside Dynamics AX 4.0: The Security Framework Blog bot DAX Blogs 0 31.10.2007 11:40
Вопрос про Demand Planner slava09 DAX: Функционал 4 25.09.2006 11:43
Record Level Security ada DAX: Администрирование 5 17.05.2005 12:33

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 12:11.