AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск Все разделы прочитаны

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 23.06.2011, 21:11   #1  
Blog bot is offline
Blog bot
Участник
 
25,626 / 848 (80) +++++++
Регистрация: 28.10.2006
axinthefield: AIF File Adapter for AX 2009 - Security Authorization
Источник: http://blogs.msdn.com/b/axinthefield...orization.aspx
==============

Summary

To properly test your xml documents for use with the Application Integration Framework (AIF) in AX 2009, it is best to use the File Adapter as it is easy to set up. You can use any Adapter for when you go-live.

It is important to understand how the AIF file adapter security authorization works as it will save you time and frustration. Below we will discuss the submitting user, source endpoint user, file ownership, and endpoint security.

The security is determined by the “submitting user” and the “source endpoint user”. The "source endpoint user" is specified in the tag in the xml document. This is the user on whose authority the inbound request is being made. The format is Domainname\Domainuser. In the absence of the "source endpoint user" not being specified in the tab, it uses the "submitting user id" as the "source endpoint user".

The "submitting user" is determined from the Windows file owner. You cannot specify the windows file ownership to be a windows group as there is no way of translating a windows group to an AX User or AX User group. So the file ownership must be set to a specific user. It then uses the specific user, identifies if that user is an internal AX user, determines the AX group membership, and if rights to the endpoint. NOTE: In Windows 2008, if the submitting user is in not a local administrator in Windows, then the ownership is automatically set to the submitting user. However if the submitting user is a local administrator, then the ownership is set to the local Administrators group (not the individual submitting/creator user account).

If security is not set up properly, you will receive, "The user is not authorized to use this Endpoint". Below are some examples to illustrate:

Setup

  • Security Group name = AIF with FULL control to create Sales Orders
  • Endpoint = WWW and AIF Security Group has rights
  • Domain Users:
    • windowsuser1
    • windowsuser2
  • Domain Users, windowsuser1 and windowsuser2 assigned to AIF Security Group
Scenario 1

  • Sourceendpointuser in the xml = windowsuser1
  • Owner of the xml document = windowsuser1
  • Creates Sales order successfully because windowsuser1 is the owner of the document and has rights to the WWW Endpoint
Scenario 2

  • Sourceendpointuser in the xml = windowsuser2
  • Owner of the xml document = windowsuser1
  • Exception occurs stating that "The user is not authorized to use this Endpoint". This is because windowsuser2 is the submitting user but not the file owner.
Scenario 3

  • Sourceendpointuser in the xml = (e.g., no user specified)
  • Owner of the xml document = windowsuser1
  • Creates Sales order successfully as windows1 is used as the submitting user and is the file owner.


Conclusion

  • When using the File system adapter, the submitting user, e.g., the user who submits the AIF document for processing is the owner of the document and must have rights to the Endpoint
  • The user must be an AX user with access to the Endpoint
  • If you do not list any user as the "source endpoint user" in your XML document, it will use the owner of the document as the submitting user. See notes above for exceptions on Windows 2008 and Windows 2003.





Источник: http://blogs.msdn.com/b/axinthefield...orization.aspx
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
Microsoft Dynamics AX 2009 AIF BizTalk Adapter Configuration White Paper Vadik DAX: База знаний и проекты 3 18.11.2016 01:04
axinthefield: The AIF processing services used by each of the AIF adapters in AX 2009 Blog bot DAX Blogs 0 27.05.2011 05:12
axinthefield: Dynamics AX Event IDs Blog bot DAX Blogs 0 01.03.2011 22:11
Dianne Siebold: AIF File Adapter Processing Sequence Blog bot DAX Blogs 0 26.04.2009 00:05
Dianne Siebold: AIF BizTalk Adapter White Paper Updated for 2009 Blog bot DAX Blogs 0 31.01.2009 11:05
Опции темы Поиск в этой теме
Поиск в этой теме:

Расширенный поиск
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 06:58.