I have seen situations where it is required for certain AX users to have the administrative access on an environment but not for creating/editing/deleting code or objects. This is particularly difficult to achieve because the standard AX role ‘System Administration’ automatically gives all code access including editing.
On the other hand if a new role is creating by having all duties in AX, the users’ system response time becomes too slow because runtime permission check seems to take ‘forever’.
Another option is to remove the X++ development license from the environment. But doing that means that nobody will be able to even view the code. That is generally not desirable. Sometime viewing code is the quickest way to find whether a new change has been reflected in the environment correctly.
To find a solution, I tried multiple avenues but eventually got stuck to version control framework. This is where I find similarities in the current system behaviour and what I needed – user able to view the code, debug it but not create, edit or delete it.
I created a new class by extending the version control class for MorphX version control and override all methods like ‘allowCreate’, ‘allowEdit’ etc. to return false. Once that is done, I added a new enum element in the version control type enumerator and have the construct of the main version control class changed to accommodate initialization of my new class object based upon the enum value. Few more simple changes into version control parameter form and the project is ready.
Now in an environment administrator can simple enable newly created version control system and all the users in ‘System Administration’ role are not able to change any code. They can view it or debug it.