Channel: Martin Dráb's Activities

Security best practice on a form that creates a record on init


I am trying to add some security to the AX ProjBudget form in AX 2012 R3. In the init method of the form, there's a chunk of code that does a FindOrCreate: it finds the budget if it already exists and creates a budget if one doesn't exist. We have a requirement where some user roles should be able to create project budgets while others should only be able to view them. My user role has view-only access to both the ProjBudget table and the ProjBudget menu item which opens the ProjBudget form. When I click a menu item button that points to the ProjBudget display menu item, the form opens and creates a record on my behalf. I think I misunderstood the AX security framework and figured that the code in the init would fail to create a new record since my user has view-only access. I tried overriding the security by adding the ProjBudget table to the permissions on my user role and setting the EffectiveAccess property to NoAccess, and still the system is creating the record on my behalf. I was surprised to see my user id in the CreatedBy field; I was thinking that if the system is creating the record, at least it would show the AOS user, but the system is somehow able to create this row on my behalf.

Am I doing something terribly wrong? I'm wondering if it's not a good coding practice to put this FindOrCreate in the init of a form where you want users to be able to view records but not have access to create them.

To resolve this issue so our read-only users are no longer able to create project budgets, I had an idea for a workaround, which would be to create a second menu item to the same form. One would be for create and one would be for view/edit. The view-only user would get no access to the create button and would get access to the view/edit button. Then I have to do extra work on the parent form to check whether a budget exists, and show the create button if no budget exists and the view/edit button if a budget exists. This way my view-only user just won't see a button if no budget exists and will be able to see and click the button if a budget exists. This feels really hacky; I don't think the calling form should have to be conscious of the existence of a record in a child form and toggle the buttons like this, but I'm not sure of another way to deal with this without doing a bigger refactor on the project budget creation process.

Any thoughts or suggestions would be greatly appreciated!
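The failure mode the question describes is a form whose init path performs a write (the create half of FindOrCreate) on behalf of a user who only holds view rights, so the record is inserted and stamped with that user's id. One defensive pattern is to separate "find" from "create" and make the create branch check the caller's effective table permission explicitly, rather than relying on the framework to block the insert. The X++ below is an added example, not the original poster's code and not Microsoft's ProjBudget form code. It assumes a hypothetical helper class (ProjBudgetInitHelper) that the form's init() would call, that the ProjBudget table has a ProjId field and a static find(ProjId) method (verify both against your AOT), and that the standard AX 2012 global function hasTableAccess() reports the user's effective access from their roles.

```xpp
// Added example (hypothetical class ProjBudgetInitHelper); not the poster's or Microsoft's code.
// Replaces an unconditional FindOrCreate in a form's init() with a create-aware version:
// viewers get the existing record or an empty buffer, only users with Create access insert.
class ProjBudgetInitHelper
{
    // Returns the existing ProjBudget for _projId, creates it when the caller is allowed to,
    // or returns an empty buffer (no insert) when the caller only has view rights.
    // Assumption: ProjBudget::find(ProjId) exists and ProjBudget has a ProjId field.
    public static ProjBudget findOrCreateIfAllowed(ProjId _projId)
    {
        ProjBudget projBudget = ProjBudget::find(_projId);

        // Record already exists: both viewers and creators may open it.
        if (projBudget)
        {
            return projBudget;
        }

        // Explicit authorization check before the write. hasTableAccess() is the
        // AX 2012 global function; AccessType::Create is the insert level.
        // Assumption: this reflects the role's effective table permission for this user.
        if (!hasTableAccess(tableNum(ProjBudget), AccessType::Create))
        {
            // No record and no right to create one: tell the user and return an
            // empty buffer so the form opens read-only instead of inserting.
            info(strFmt("No budget exists for project %1 and you do not have permission to create one.", _projId));
            return projBudget;
        }

        ttsBegin;
        projBudget.clear();
        projBudget.initValue();
        projBudget.ProjId = _projId;   // assumed field name
        projBudget.insert();           // CreatedBy is the user who actually holds Create rights
        ttsCommit;

        return projBudget;
    }
}

// In the form, the former FindOrCreate call in init() becomes (assumed variable and args):
//
//   public void init()
//   {
//       super();
//       projBudget = ProjBudgetInitHelper::findOrCreateIfAllowed(projId);
//   }
```

With this split, the parent form no longer has to know whether a child record exists or toggle two menu items; a single display menu item serves both roles, and the permission that decides whether an insert happens is the one you already assign per role on the ProjBudget table. Auditing the CreatedBy field then also becomes meaningful, since a row can only carry the id of a user who was authorized to create it.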

