Skip to main content

We’re using AD roles mapped to Acumatica roles for quite a few of our users.

Trying to create a selector that gives us a list of users that have certain Acumatica roles, and not able to get the “active” roles. Acumatica does not store the mappings in UsersInRole or anywhere else that we can find.

There are two possible paths to this we’ve found:

  1. Use PXSelectAllowedRoles from PX.SM
    1. Not sure how this DAC works or how to use it, but it appears to be the DAC that provides the mapped roles on the users screen. It is used in Access.cs
  2. Use  ActiveDirectoryProvider.GetUsersByGroupIDs(usergroups) or some other method of the ActiveDirectoryProvider. We haven’t completely explored this either.

Does anyone have experience with trying to do this?

As far as I am aware Acumatica doesn’t allow for deactivation of roles only of users. However, if you mean Active as is in to have an assigned role to user, then the following tables should help you to build the BQL for your selector.

PX.SM.Users  contains a field IsADUser

PX.SM.RowUsersInRoles contains the link of Acumatica Role Name to User

this is used in Acumatica Reports and is most likely a projection of PX.SM.UsersInRoles dac/table

PX.SM.RoleActiveDirectory contains the link Acumatica Role Name to the AD GroupID (aka AD Roles) 

PX.SM.Roles contains the Role Name and Description


Reply