Adding operations, tasks, and roles
Add a method that creates operations and tasks, and then adds these operations and tasks to roles in the service.
Add a method.
Add a private method named Load to the class.
private void Load()
{
}
Add an operation for each method.
Create a Microsoft.Dynamics.Security.Operation object for each of your service methods. Populate the Key, Name, and Description property of each operation. Use a Microsoft.Dynamics.Security.OperationService object to add or update the Dynamics Security Service with your operation metadata.
The following code example adds operation metadata to the Dynamics Security Service for the sample Leads service. Notice how the Key property of each operation uses the key that was created during initialization.
// Instantiate an OperationService object.
OperationService opService = OperationService.GetInstance();
// Create a array for the security operation objects. Microsoft.Dynamics.Security.Operation[] leadOps = new Operation[5];
// Populate a security object that enables a GetByKey operation for leads. leadOps[0] = Microsoft.Dynamics.Security.Operation.GetInstance(); leadOps[0].Key = getByKeyOpKey; leadOps[0].Name = "View Leads"; leadOps[0].Description = "Privilege to view a lead";
// Populate a security object that enables a GetList operation for leads. leadOps[1] = Microsoft.Dynamics.Security.Operation.GetInstance(); leadOps[1].Key = getListOpKey; leadOps[1].Name = "Query Leads"; leadOps[1].Description = "Privilege to view leads";
// Populate a security object that enables a Delete operation for leads. leadOps[2] = Microsoft.Dynamics.Security.Operation.GetInstance(); leadOps[2].Key = deleteOpKey; leadOps[2].Name = "Delete Leads"; leadOps[2].Description = "Privilege to delete a lead";
// Populate a security object that enables a Create operation for leads. leadOps[3] = Microsoft.Dynamics.Security.Operation.GetInstance(); leadOps[3].Key = createOpKey; leadOps[3].Name = "Create Leads"; leadOps[3].Description = "Privilege to create a lead";
// Populate a security object that enables an Update operation for leads. leadOps[4] = Microsoft.Dynamics.Security.Operation.GetInstance(); leadOps[4].Key = updateOpKey; leadOps[4].Name = "Modify Leads"; leadOps[4].Description = "Privilege to modify a lead";
foreach (Operation op in leadOps) { try { // If the operation exists, update the existing operation. opService.UpdateOperation(securityContext, op); } catch (NonExistentSecurityObjectException) { // If the operation does not exist, add the operation to the // security service. opService.CreateOperation(securityContext, op); } }
Add tasks that group the operations.
Tasks help organize and group the related operations. Typically tasks are created for "Manage" and "View".
• "Manage" tasks contain operations like GetByKey, GetList, Create, Delete, and Update.
• "View" tasks contain the GetByKey and GetList operations.
Create a Microsoft.Dynamics.Security.Task object for each task. Populate the Key, Name, and Description property of the task. To specify the operations for the task, add your operation keys to the Operation collection of the task. Use a Microsoft.Dynamics.Security.TaskService object to add or update the Dynamics GP Security Service with your task metadata.
The following code example adds two tasks to the metadata of the Dynamics Security Service for the sample Leads service. Notice how the operation keys for the operations that were created earlier populate the operation collection of each task.
// Instantiate the TaskService object.
TaskService taskService = TaskService.GetInstance();
// Create a view task object for leads. Task viewTask = Task.GetInstance(); viewTask.Key = viewTaskKey; viewTask.Name = "View Leads"; viewTask.Description = "View Leads"; viewTask.Operations.Add(getByKeyOpKey); viewTask.Operations.Add(getListOpKey);
try { // If the task already exists, update the existing task object. taskService.UpdateTask(securityContext, viewTask); } catch (NonExistentSecurityObjectException) { // If the task does not exist, add the task object. taskService.CreateTask(securityContext, viewTask); }
// Create a manage task object for leads. Task manageTask = Task.GetInstance(); manageTask.Key = manageTaskKey; manageTask.Name = "Manage Leads"; manageTask.Description = "Manage Leads"; manageTask.Operations.Add(getByKeyOpKey); manageTask.Operations.Add(getListOpKey); manageTask.Operations.Add(deleteOpKey); manageTask.Operations.Add(createOpKey); manageTask.Operations.Add(updateOpKey);
try { // If the task already exists, update the existing task object. taskService.UpdateTask(securityContext, manageTask); } catch (NonExistentSecurityObjectException) { // If the task does not exist, add the task object. taskService.CreateTask(securityContext, manageTask); }
Add new roles (optional).
To provide additional flexibility in the security administration of your service, you might want to add one or more new security roles to the Dynamics Security Service. The sample Leads service does not include code to add a new role. To add role metadata to the Dynamics Security Service, follow the pattern used to create task and operation metadata. To add role metadata to the Dynamics Security Service, you use the following classes from the Microsoft.Dynamics.Security namespace.
• To begin, use the RoleKey class to create a new role key. To uniquely identify your role, use a GUID to populate the ID property of the role key. If you use the Visual Studio Create GUID application to generate the GUID, be sure to remove the braces from the GUID. For the new role to be found by the Dynamics Security Console, the GUID value you use to uniquely identify the role must use only lowercase characters.
• Next, create a new role object. To instantiate the role object, use the GetInstance method of the Role class. Populate the Name and Description properties of the role. Use the role key you created earlier to populate the Key property of the role.
• Finally, use a RoleService object to add the metadata for the role to the Dynamics Security Service. To instantiate the role service, use the GetInstance method of the RoleService class. To add the role metadata to the Dynamics Security Service, use the CreateRole method of the role service. The CreateRole method requires a security context object parameter and a role object parameter.
Add the operations and tasks to the roles.
To secure access to your service, add your security operations and tasks to roles. To add an operation or task to a role, use the GetRole method of the Microsoft.Dynamics.Security.RoleService object to retrieve the role. Use the role keys you created earlier to specify the role. After you retrieve the role, you can add security operations and tasks to the role.
• To associate a security operation with a role, add the operation key to the Operations collection of the role. To allow administrative access to your service, you must add all of the security operations you created to the Dynamics Security Service Superuser role.
• To associate a security task with a role, add the task key to the Tasks collection of the role. To allow any role other than the Superuser role to access your service, add the appropriate security task to that role.
To save your changes to the role metadata, use the UpdateRole method of the Microsoft.Dynamics.Security.RoleService object.
The following code example adds operation metadata to the Superuser role of the Dynamics Security Service. Notice how the operation keys for the operations that were created earlier populate the Operations collection of the role.
// Instantiate the RoleService object
RoleService roleService = RoleService.GetInstance();
// Retrieve a role object that represents the superuser role Role role = roleService.GetRole(securityContext, roleKey);
// Add the operation object to the role if that object is not already // assigned to that role. bool newOpAdded = false;
foreach (Operation newOp in leadOps) { if (role.Operations.BinarySearch(newOp.Key) < 0) { role.Operations.Add(newOp.Key); newOpAdded = true; } }
// Only update the security service when an operation is // added to the role object. if (newOpAdded == true) { roleService.UpdateRole(securityContext, role); }
Add the method to Main.
In the Main method, add statements that run the Load method when the command line parameter is "/load".
The following code example shows how the load method is called.
if (args[0].ToLowerInvariant() == "/load")
{ addLeads.Load(); Console.WriteLine("The Lead operations have been added to Dynamics GP security."); Console.WriteLine(""); }