Job to Bulk Assign Organization Security

Job to Bulk Assign Organization Security

09/13/15

Assume you have one company already live on AX and things are well with them. Now you are bringing a second company online and adding them into the same environment as the first company. You will want to assign everyone from company 1 to only be allowed to see stuff for company 1; same with company 2. Below is a job that will bifurcate security by domain for each company.

We have Users in ABC.com domain and XYZ.com domain. we want ABC.com users to see ABC and AB1 companies stuff and XYZ.com users to see companies XYZ and XY1.

 

 

static void bifurcateSecurity(Args _args)
{
    UserInfo UserInfo;
    securityUserRole securityUserRole;
    OMUserRoleOrganization OMUserRoleOrganization;
    SecurityRole SecurityRole;

    void addOrganization(DataAreaId DataArea, UserId UserId, RefRecId roleId, RefRecId hierarchyId, boolean _withChildren)
        {
            OMUserRoleOrganization org;
            FormTreeItem item;
            RefRecId organizationId;
            boolean isUserRoleMode = true;


            organizationId = DirPartyTable::findByNum(CompanyInfo::findDataArea(DataArea).PartyNumber).RecId;

            select firstonly org
            where
                org.User == userId &&
                org.SecurityRole == roleId &&
                org.omInternalOrganization == organizationId &&
                org.omHierarchyType == hierarchyId;


            if (org)
                return;

            // Check the id of the role to add
            if ((roleId == 0))
            {
                error(""); // Error used role is not assigned to selected user
                return;
            }

            ttsbegin;
            org.User = userId;
            org.SecurityRole = roleId;
            org.SecurityRoleAssignmentRule = 0;
            org.omInternalOrganization = organizationId;
            org.omHierarchyType = (_withChildren) ? hierarchyId : 0;

            //
            EePersonalDataAccessLogging::logUserRoleChange(org.SecurityRole,
                                                org.omInternalOrganization,
                                                org.User,
                                                AddRemove::Add);
            //

            org.insert();
            ttscommit;
        }

    select * from SecurityRole where SecurityRole.AotName == "-SYSADMIN-";

    while select * from UserInfo
    {
        while select * from securityUserRole where securityUserRole.User == UserInfo.id
                                                && securityUserRole.SecurityRole != SecurityRole.RecId
        {
            ttsBegin;
            if(UserInfo.networkDomain == "ABC.com")
            {
                addOrganization("ABC",UserInfo.id, securityUserRole.SecurityRole, 0,false);
                addOrganization("AB1",UserInfo.id, securityUserRole.SecurityRole, 0,false);
            }

            if(UserInfo.networkDomain == "XYZ.com")
            {
                addOrganization("XYZ",UserInfo.id, securityUserRole.SecurityRole, 0,false);
                addOrganization("XY1",UserInfo.id, securityUserRole.SecurityRole, 0,false);
            }
            ttsCommit;
        }
    }
}