Summary

To properly test your xml documents for use with the Application Integration Framework (AIF) in AX 2009, it is best to use the File Adapter as it is easy to set up.  You can use any Adapter for when you go-live.  

It is important to understand how the AIF file adapter security authorization works as it will save you time and frustration.   Below we will discuss the submitting user, source endpoint user, file ownership, and endpoint security. 

The security is determined by the “submitting user” and the “source endpoint user”.  The "source endpoint user" is specified in the <SourceEndpointUser></SourceEndpointUser> tag in the xml document.     This is the user on whose authority the inbound request is being made.  The format is Domainname\Domainuser.  In the absence of the "source endpoint user" not being specified in the tab, it uses the "submitting user id" as the "source endpoint user".   

The "submitting user" is determined from the Windows file owner.   You cannot specify the windows file ownership to be a windows group as there is no way of translating a windows group to an AX User or AX User group.   So the file ownership must be set to a specific user.   It then uses the specific user, identifies if that user is an internal AX user, determines the AX group membership, and if rights to the endpoint.   NOTE:  In Windows 2008, if the submitting user is in not a local administrator in Windows, then the ownership is automatically set to the submitting user.  However if the submitting user is a local administrator, then the ownership is set to the local Administrators group (not the individual submitting/creator user account).

If security is not set up properly, you will receive, "The user is not authorized to use this Endpoint".   Below are some examples to illustrate:

Setup

  • Security Group name = AIF with FULL control to create Sales Orders
  • Endpoint = WWW and AIF Security Group has rights
  • Domain Users:
    • windowsuser1
    • windowsuser2
  • Domain Users, windowsuser1 and windowsuser2 assigned to AIF Security Group

Scenario 1

  • Sourceendpointuser in the xml = <SourceEndpointUser>windowsuser1</SourceEndpointUser>
  • Owner of the xml document = windowsuser1   
  • Creates Sales order successfully because windowsuser1 is the owner of the document and has rights to the WWW Endpoint

Scenario 2

  • Sourceendpointuser in the xml = <SourceEndpointUser>windowsuser2</SourceEndpointUser>
  • Owner of the xml document = windowsuser1 
  • Exception occurs stating that "The user is not authorized to use this Endpoint".   This is because windowsuser2 is the submitting user but not the file owner.

Scenario 3

  • Sourceendpointuser in the xml = <SourceEndpointUser></SourceEndpointUser> (e.g., no user specified)
  • Owner of the xml document = windowsuser1 
  • Creates Sales order successfully as windows1 is used as the submitting user and is the file owner.

 

Conclusion

  • When using the File system adapter, the submitting user, e.g., the user who submits the AIF document for processing is the owner of the document and must have rights to the Endpoint 
  • The user must be an AX user with access to the Endpoint
  • If you do not list any user as the "source endpoint user" in your XML document, it will use the owner of the document as the submitting user.  See notes above for exceptions on Windows 2008 and Windows 2003.