Security in Axd<Document> and Ax<Table> Classes
Important
This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.
Applies To: Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
By default, Application Integration Framework (AIF) uses the standard table, field, and record level security when you read data from Microsoft Dynamics AX that is sent to an external system.
Record level security (RLS) is implemented at the Axd <Document> class level where the specific document defines whether RLS should be upheld for that document only. AIF uses the AxdBase.security property to implement RLS. This property returns a boolean that specifies whether the current document class (which inherits from the AxdBase class) uses RLS. By default, this property returns true.
By default, RLS is enabled for all Axd <Document> classes that are included with Microsoft Dynamics AX except for the following:
Sales Invoice - AxdSalesInvoice
Advance Ship Notice - AxdASN
Purchase Requisition - AxdPurchaseRequisition
In these document classes, RLS is bypassed in the unpackPropertyBag method as shown in the following code.
protected void unpackPropertyBag(AifPropertyBag _aifPropertyBag)
{
AxdSendContext axdSendContext =
AxdSendContext::create(_aifPropertyBag);
;
// Get send context properties.
this.parmDocPurpose(axdSendContext.parmXMLDocPurpose());
// Bypass RLS.
this.security(axdSendContext.parmSecurity());
}
When reading data that will be sent, the AxdBase class passes the request to the AxdBaseRead class. The AxdBaseRead.serializeQuery method checks whether the document implements RLS and passes that information to the query in the following code.
query.allowCheck(this.parmAxdBase().security());
query.recordLevelSecurity(this.parmAxdBase().security());
RLS does not apply when the AIF deserializes data from XML and writes to the database. This is the case for inbound documents that create data in Microsoft Dynamics AX.
Security Consequences
RLS affects the Axd <Document> and Ax <Table> classes as shown in the following table.
Process |
Method |
Description |
|---|---|---|
Schema generation |
AxdBase.getSchema |
When generating XML schemas (XSDs), security is not verified. The schema is shared across all recipients and submitters, regardless of data access permissions. |
Serialization |
read readList findList findEntityKeyList |
When data is serialized from the Microsoft Dynamics AX database into XML, the following rules apply:
|
Deserialization |
When AIF deserializes data from XML and writes it to the database, RLS is not used. Instead, AIF checks that the user has access to the tables and fields in which data is being created or updated. If the calling code is not authorized to write data to the data source table or to a specific field, the incoming XML document is rejected. The AxdBaseCreate base class in the XML document framework checks for access in the AxdBaseCreate.hasTableAccess and AxdBaseCreate.hasFieldAccess methods. |
Note
All AIF exceptions are logged to the SysExceptionTable and can be viewed in the Exceptions form. For more information, see View the exceptions log.
Required Fields
A field is considered required when:
- The field is marked as mandatory in the data model and the field is not included in the list of mandatory field exemptions returned by the Ax <TableName>. getMandatoryFieldsExemptions method.
- or -
- The field is in the list of mandatory fields returned by the Axd <Document>.getMandatoryFieldsMap method.