From c07e22fb5ca4a019e0a2d0bae49e754f94210461 Mon Sep 17 00:00:00 2001 From: Quentin Tresontani Date: Mon, 8 Sep 2025 17:38:20 +0200 Subject: [PATCH 1/2] Updated compiler version to 16.0.27.6671 From d46d301330b91830e07368121986940c89dff411 Mon Sep 17 00:00:00 2001 From: Quentin Tresontani <31541422+qutreson@users.noreply.github.com> Date: Tue, 20 Jan 2026 09:43:18 +0100 Subject: [PATCH 2/2] [Agent] Additional changes to support Agent - Admin or Configure Agent Access Control without SUPER scenarios (#6082) #### Summary 1. Only enable the Setup action from the Agent List and Agent Card if the user has rights to manage this agent (via permissions or via Agent Access Control) 2. Removing the logic to insert the current owner on agent creation if none is found because this is handled via the server during agent creation already. Also, this code was inserting the Agent Access Control for all companies while the user might have had agent creation permissions in one company. 3. Use a new server utility when inserting Access Control for an agent. This allows users with only Configure Agent Access Control and without SUPER, SECURITY or AGENT - ADMIN to do such changes without explicitly having Access Control modification permissions. They can only do this on the agent they manage (and cannot do this on other agents or other user types). #### Work Item(s) Fixes [AB#617434](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/617434) --- .../App/Agent/Setup/AgentCard.Page.al | 1 + .../App/Agent/Setup/AgentImpl.Codeunit.al | 64 +++---------------- .../App/Agent/Setup/AgentList.Page.al | 1 + 3 files changed, 12 insertions(+), 54 deletions(-) diff --git a/src/System Application/App/Agent/Setup/AgentCard.Page.al b/src/System Application/App/Agent/Setup/AgentCard.Page.al index d643021891..e5f9c0b030 100644 --- a/src/System Application/App/Agent/Setup/AgentCard.Page.al +++ b/src/System Application/App/Agent/Setup/AgentCard.Page.al @@ -130,6 +130,7 @@ page 4315 "Agent Card" Caption = 'Setup'; ToolTip = 'Set up agent'; Image = SetupLines; + Enabled = Rec."Can Curr. User Configure Agent"; trigger OnAction() begin diff --git a/src/System Application/App/Agent/Setup/AgentImpl.Codeunit.al b/src/System Application/App/Agent/Setup/AgentImpl.Codeunit.al index 67c3a39858..a06cf1539a 100644 --- a/src/System Application/App/Agent/Setup/AgentImpl.Codeunit.al +++ b/src/System Application/App/Agent/Setup/AgentImpl.Codeunit.al @@ -35,7 +35,8 @@ codeunit 4301 "Agent Impl." Agent.Insert(true); if TempAgentAccessControl.IsEmpty() then - GetUserAccess(Agent, TempAgentAccessControl, true); + // If no access control is provided, the server is giving access to the user creating the agent. + GetUserAccess(Agent, TempAgentAccessControl); AssignCompany(Agent."User Security ID", CompanyName()); AssignDefaultProfile(Agent."User Security ID"); @@ -54,33 +55,16 @@ codeunit 4301 "Agent Impl." ChangeAgentState(AgentUserSecurityID, false); end; - procedure InsertCurrentOwnerIfNoOwnersDefined(var Agent: Record Agent; var AgentAccessControl: Record "Agent Access Control") - begin - SetOwnerFilters(AgentAccessControl); - AgentAccessControl.SetRange("Agent User Security ID", Agent."User Security ID"); - if not AgentAccessControl.IsEmpty() then - exit; - InsertCurrentOwner(Agent."User Security ID", AgentAccessControl); - end; - - procedure InsertCurrentOwner(AgentUserSecurityID: Guid; var AgentAccessControl: Record "Agent Access Control") - begin - AgentAccessControl."Can Configure Agent" := true; - AgentAccessControl."Agent User Security ID" := AgentUserSecurityID; - AgentAccessControl."User Security ID" := UserSecurityId(); - AgentAccessControl.Insert(); - end; - procedure GetUserAccess(AgentUserSecurityID: Guid; var TempAgentAccessControl: Record "Agent Access Control" temporary) var Agent: Record Agent; begin GetAgent(Agent, AgentUserSecurityID); - GetUserAccess(Agent, TempAgentAccessControl, false); + GetUserAccess(Agent, TempAgentAccessControl); end; - local procedure GetUserAccess(var Agent: Record Agent; var TempAgentAccessControl: Record "Agent Access Control" temporary; InsertCurrentUserAsOwner: Boolean) + local procedure GetUserAccess(var Agent: Record Agent; var TempAgentAccessControl: Record "Agent Access Control" temporary) var AgentAccessControl: Record "Agent Access Control"; begin @@ -88,13 +72,8 @@ codeunit 4301 "Agent Impl." TempAgentAccessControl.DeleteAll(); AgentAccessControl.SetRange("Agent User Security ID", Agent."User Security ID"); - if AgentAccessControl.IsEmpty() then begin - if not InsertCurrentUserAsOwner then - exit; - - InsertCurrentOwnerIfNoOwnersDefined(Agent, TempAgentAccessControl); + if AgentAccessControl.IsEmpty() then exit; - end; AgentAccessControl.FindSet(); repeat @@ -323,30 +302,12 @@ codeunit 4301 "Agent Impl." procedure AssignPermissionSets(var UserSecurityID: Guid; var TempAccessControlBuffer: Record "Access Control Buffer" temporary) var - AccessControl: Record "Access Control"; + AgentUtilities: Codeunit "Agent Utilities"; begin - AccessControl.SetRange("User Security ID", UserSecurityID); - if AccessControl.FindSet() then - repeat - if not TempAccessControlBuffer.Get(AccessControl."Company Name", AccessControl.Scope, AccessControl."App ID", AccessControl."Role ID") then - AccessControl.Delete(true); - until AccessControl.Next() = 0; - - AccessControl.Reset(); - TempAccessControlBuffer.Reset(); - if not TempAccessControlBuffer.FindSet() then - exit; - - repeat - if not AccessControl.Get(UserSecurityID, TempAccessControlBuffer."Role ID", TempAccessControlBuffer."Company Name", TempAccessControlBuffer.Scope, TempAccessControlBuffer."App ID") then begin - AccessControl."User Security ID" := UserSecurityID; - AccessControl."Role ID" := TempAccessControlBuffer."Role ID"; - AccessControl."Company Name" := TempAccessControlBuffer."Company Name"; - AccessControl.Scope := TempAccessControlBuffer.Scope; - AccessControl."App ID" := TempAccessControlBuffer."App ID"; - AccessControl.Insert(); - end; - until TempAccessControlBuffer.Next() = 0; + // Calling system codeunit to allow the assignment of permissions to Agents without SUPER or SECURITY. + // This method ensure that the user has Configure permission for the specified agent in all the companies + // for which permissions are modified (both removed and added). + AgentUtilities.UpdateAccessControl(UserSecurityID, TempAccessControlBuffer); end; procedure GetPermissionSets(AgentUserSecurityID: Guid; var TempAccessControlBuffer: Record "Access Control Buffer" temporary) @@ -449,11 +410,6 @@ codeunit 4301 "Agent Impl." Error(''); end; - local procedure SetOwnerFilters(var AgentAccessControl: Record "Agent Access Control") - begin - AgentAccessControl.SetFilter("Can Configure Agent", '%1', true); - end; - procedure ShowNoAgentsAvailableNotification() var NoAgentsNotification: Notification; diff --git a/src/System Application/App/Agent/Setup/AgentList.Page.al b/src/System Application/App/Agent/Setup/AgentList.Page.al index d6e5e873ab..f8a3e6a76e 100644 --- a/src/System Application/App/Agent/Setup/AgentList.Page.al +++ b/src/System Application/App/Agent/Setup/AgentList.Page.al @@ -53,6 +53,7 @@ page 4316 "Agent List" Caption = 'Setup'; ToolTip = 'Set up the agent'; Image = SetupLines; + Enabled = Rec."Can Curr. User Configure Agent"; trigger OnAction() var