Removing a role to all or multiple users using X++ Code [Dynamics AX 2012]


Below is the code snippet to remove a role to all or multiple users using X++ Code. In the below code, I have tried removing System administrator role to all the users except Admin and me. Please test the code before running it in any environments.

static void SR_RemoveRoleAccessToUsers(Args _args)


    SecurityRole        role;

    SecurityUserRole    userRole;

    UserInfo            userInfo;


    void removeFromSelectedUser(UserId  _userId, RecId  _recId)


        fieldName                           userId;

        SysSecTreeRoles                     roleTree;

        SecurityUserRole                    securityUserRole;

        OMUserRoleOrganization              org;

        SecurityUserRoleCondition           condition;

        SecuritySegregationOfDutiesConflict conflict;

        RecId                               recId;


        userId  = _userId;

        recId   = _recId;




        delete_from condition

        exists join securityUserRole

        where condition.SecurityUserRole == securityUserRole.RecId && securityUserRole.User == userId && securityUserRole.SecurityRole == recId;



        while select OMInternalOrganization, SecurityRole from org where org.User == userId && org.SecurityRole == recid


            EePersonalDataAccessLogging::logUserRoleChange(org.SecurityRole, org.omInternalOrganization, userid, AddRemove::Remove);




        delete_from org where org.User == userId && org.SecurityRole == recId;


        delete_from conflict where conflict.User == userId && ((conflict.ExistingRole == recId) || (conflict.NewRole == recId));



        EePersonalDataAccessLogging::logUserRoleChange(recId, 0, userId, AddRemove::Remove);



        delete_from securityUserRole where securityUserRole.User == userId && securityUserRole.SecurityRole == recId;






    select role where role.Name == "System administrator"; // provide the role name to remove here   

   while select userInfo where ( != ‘Admin’

        && != ‘sgirigari’) // ensure that you have admin role to run this job


           removeFromSelectedUser(, role.RecId);


    info("Removal process of role is complete.");


Please be careful in the above while select statement as you need to ensure that the job that is run by a developer should be added in the where clause (userInfo.Id != “Sgirigari”)to ensure that the job runs successfully as we are removing the System Administrator role. For any other role, you can ignore this where clause.

Happy dax6ng,

Sreenath Reddy


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: