AX7 Table Browser and Class Runner


Challenge 1: delete a worker in Dynamics AX "7" aka "Dynamics 365 for Operations" in the table browser

Create a worker under Human resources > Workers > Employees. Now try to delete it. If you ever touched the Project setup settings etc of the employee, a message appears announcing that a "Worker cannot be deleted while dependant Resources exist. Delete dependant Resources and try again." Indeed, the system automatically creates a new work center for every new timesheet user.

Navigate to Organization administration > Resources > Resources. Locate the work center representing the employee and try to delete it. The result is a message "Resources cannot be deleted while dependent ResResourceIdentifier exist. Delete dependent ResResourceIdentifier and try again". There is no UI for the ResResourceIdentifier table which is especially reassuring in an Azure production environment where you are not allowed to run SQL scripts against the database.

Solution: open the System Table Browser and delete the ResResourceIdentifier record by the RecId of the work center.

The table browser may be opened in the Visual Studio environment but it is just a URL that can be called in a browser as well. You just have to know the exact name of the table to do so: https://XXXaos.cloudax.dynamics.com/?mi=SysTableBrowser&tableName=ResResourceIdentifier

SysTableBrowser

It's a pity that the precious SQL injection window where in previous versions of Dynamics AX you were able to execute delete_from and update_recordset statements is not presented anymore; a real loss indeed.

Challenge 2: execute an arbitrary X++ class in Dynamics AX "7" aka "Dynamics 365 for Operations"

In AX7 there are no more "jobs" to be executed at once on Ctrl-O, but a replacement exists: runnable classes as described here: https://blogs.msdn.microsoft.com/axsupport/2016/03/23/get-started-developing-in-ax-7/

When executing a runnable class from Visual Studio the form SysClassRunner is called. This form parses the URL for the cls parameter and executes the respective class. You just need to know the URL syntax and the exact class name.

Let's start with something harmless: https://XXXaos.cloudax.dynamics.com/?mi=SysClassRunner&cls=SysDBInformation

 

warning

Now you can try to drop all transactional, non-master data in your production database: https://XXXaos.cloudax.dynamics.com/?mi=SysClassRunner&cls=SysDatabaseTransDelete

 

 

Comments (3)

  1. The SQL Injection is gone? Too bad. Is the truncate table option still available, at least? 😉
    Many thanks for your posts – informative & enjoyable as always.

  2. Med Bouhoum says:

    Thank you Eugen for this post, very instructive.
    Please how to run SysDatabaseTransDelete for a one specific entity ?
    regards
    Thanks

    1. Eugen Glasow says:

      Hi Med, this is not supported. But you may take the SysSqlAdminClass from earlier AX versions, provide it with a main() method and a small dialog window to ask for a table, then apply the #aTruncate action to the selected table. This is a very easy development task.

Skip to main content