Wednesday, July 4, 2018

Display Method Authorization

A display or edit method is used to display data from another table or a calculated value. In theory, a display method can expose any data from any table. If a display method returns data from another table (or another row in the same table), it poses a threat. If a display method returns data from the same row but from another column, it also poses a threat. For example, a user might not be allowed to view another person's monthly salary, but could run a query that asks for the annual salary (a calculated value), which is derived from the monthly figure.

The following example is from the CustCollectionLetterJour table. This method validates both field access (hasFieldAccess on the underlying column) and record-level security (recordLevelSecurity on the buffer it reads from).

//BP Deviation Documented
display Addressing collectionAddress()
{
    CustTable custTable;

    // Field-level check: the caller must be allowed to view the Address field
    // of LogisticsPostalAddress, otherwise the method must not reveal it.
    if (!hasFieldAccess(tableNum(LogisticsPostalAddress),
                        fieldNum(LogisticsPostalAddress, Address),
                        AccessType::View))
        throw error("@SYS57330");

    if (CustTable::checkExist(this.AccountNum))
    {
        // Record-level security: the select honours the caller's security
        // policies, so a customer row the caller may not see comes back empty.
        custTable.recordLevelSecurity(true);

        select firstonly Party from custTable
            where custTable.AccountNum == this.AccountNum;

        if (!custTable)
            throw error("@SYS57330");
    }

    return custTable.postalAddress().Address;
}
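The same pattern applied to the calculated-value case from the introduction (annual salary derived from a monthly figure). This is an added example, not code from the original post or from the standard application: MyPayrollSummary, MyEmployeeSalary and their Worker and MonthlyPay fields are assumed names.

```x++
// Added example (not from the original post): a display method on a hypothetical
// MyPayrollSummary table that derives an annual figure from the MonthlyPay field
// of a hypothetical MyEmployeeSalary table. Table and field names are assumed.
//BP Deviation Documented
display AmountMST annualPay()
{
    MyEmployeeSalary salary;   // assumed table with fields Worker and MonthlyPay

    // A calculated value is only as restricted as its inputs: deny it unless the
    // caller may view the MonthlyPay column it is derived from.
    if (!hasFieldAccess(tableNum(MyEmployeeSalary),
                        fieldNum(MyEmployeeSalary, MonthlyPay),
                        AccessType::View))
        throw error("@SYS57330");

    // The row comes from another table, so the select must run under the
    // caller's record-level security instead of bypassing it.
    salary.recordLevelSecurity(true);

    select firstonly MonthlyPay from salary
        where salary.Worker == this.Worker;

    // An empty buffer means the caller is not allowed to see this worker's row
    // (or it does not exist); do not leak a computed value either way.
    if (!salary)
        throw error("@SYS57330");

    return salary.MonthlyPay * 12;
}
```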

Best Regards,
Hossein Karimi
