AX7 Table Browser and Class Runner
Song Nghia - Technical Consultant
Create a worker under Human resources > Workers > Employees. Now try to delete it. If you ever touched the Project setup settings etc of the employee, a message appears announcing that a "Worker cannot be deleted while dependant Resources exist. Delete dependant Resources and try again. " Indeed, the system automatically creates a new work center for every new timesheet user.
Navigate to Organization administration > Resources > Resources. Locate the work center representing the employee and try to delete it. The result is a message "Resources cannot be deleted while dependent ResResourceIdentifier exist. Delete dependent ResResourceIdentifier and try again". There is no UI for the ResResourceIdentifier table which is especially reassuring in an Azure production environment where you are not allowed to run SQL scripts against the database.
Solution: open the System Table Browser and delete the ResResourceIdentifier record by the RecId of the work center.
The table browser may be opened in the Visual Studio environment but it is just a URL that can be called in a browser as well. You just have to know the exact name of the table to do so: https://XXXaos.cloudax.dynamics.com/mi=SysTableBrowser\&tableName=ResResourceIdentifier
It's a pity that the precious SQL injection window where in previous versions of Dynamics AX you were able to execute delete_from and update_recordset statements is not presented anymore; a real loss indeed.
Challenge 2: execute an arbitrary X++ class in Dynamics AX "7" aka "Dynamics 365 for Operations"
In AX7 there are no more "jobs" to be executed at once on Ctrl-O, but a replacement exists: runnable classes as described here: https://blogs.msdn.microsoft.com/axsupport/2016/03/23/get-started-developing-in-ax-7/
When executing a runnable class from Visual Studio the form SysClassRunner is called. This form parses the URL for the cls parameter and executes the respective class. You just need to know the URL syntax and the exact class name.
Let's start with something harmless: https://XXXaos.cloudax.dynamics.com/mi=SysClassRunner\&cls=SysDBInformation
Now you can try to drop all transactional, non-master data in your production database: https://XXXaos.cloudax.dynamics.com/mi=SysClassRunner\&cls=SysDatabaseTransDelete
No comments:
Post a Comment