Removing a role to all or multiple users using X++ Code [Dynamics AX 2012]

 Below is the code snippet to remove a role to all or multiple users using X++ Code. In the below code, I have tried removing System administrator role to all the users except Admin and me. Please test the code before running it in any environments.

static void SR_RemoveRoleAccessToUsers(Args _args)

{

    SecurityRole        role;

    SecurityUserRole    userRole;

    UserInfo            userInfo;

 

    void removeFromSelectedUser(UserId  _userId, RecId  _recId)

    {

        fieldName                           userId;

        SysSecTreeRoles                     roleTree;

        SecurityUserRole                    securityUserRole;

        OMUserRoleOrganization              org;

        SecurityUserRoleCondition           condition;

        SecuritySegregationOfDutiesConflict conflict;

        RecId                               recId;

 

        userId  = _userId;

        recId   = _recId;

 

        ttsbegin;

 

        delete_from condition

        exists join securityUserRole

        where condition.SecurityUserRole == securityUserRole.RecId && securityUserRole.User == userId && securityUserRole.SecurityRole == recId;

 

        //<GEEEE>

        while select OMInternalOrganization, SecurityRole from org where org.User == userId && org.SecurityRole == recid

        {

            EePersonalDataAccessLogging::logUserRoleChange(org.SecurityRole, org.omInternalOrganization, userid, AddRemove::Remove);

        }

        //</GEEEE>

 

        delete_from org where org.User == userId && org.SecurityRole == recId;

 

        delete_from conflict where conflict.User == userId && ((conflict.ExistingRole == recId) || (conflict.NewRole == recId));

 

        //<GEEEE>

        EePersonalDataAccessLogging::logUserRoleChange(recId, 0, userId, AddRemove::Remove);

        //</GEEEE>

 

        delete_from securityUserRole where securityUserRole.User == userId && securityUserRole.SecurityRole == recId;

 

        ttscommit;

 

    }

 

    select role where role.Name == "System administrator"; // provide the role name to remove here   

   while select userInfo where (userInfo.id != ‘Admin’

        && userInfo.id != ‘sgirigari’) // ensure that you have admin role to run this job

    {

           removeFromSelectedUser(userInfo.id, role.RecId);

    }

    info("Removal process of role is complete.");

}

Please be careful in the above while select statement as you need to ensure that the job that is run by a developer should be added in the where clause (userInfo.Id != “Sgirigari”)to ensure that the job runs successfully as we are removing the System Administrator role. For any other role, you can ignore this where clause.