AML Analysis
Prior to Aras Innovator 11.0 SP9, Aras Innovator accepted arbitrary SQL to qualify the data to be retrieved, in the form of the where attribute on <Item> tags and the In and Between values of the condition attribute on properties. Because that SQL executes below the permissions model, bypassing the restrictions already enforced on AML, Aras has introduced Item Analysis functionality to ensure that all queries respect the permissions model and to prevent SQL injection.
To this effect, when an AML sent from a client contains where/in/between attributes, Aras Innovator validates the values of these attributes and generates an Item Analysis Error if validation fails. The error returned depends on the User's Identity List. A non-administrator who executes an invalid AML query sees an error recommending that they contact their Administrator. For example:
User query:
<AML>
<Item action="get" type="Part" where="[Part].id IN (SELECT id FROM [PART].id WHERE id IN ('EBA30FA710AC4753B76E43DED126CF76', 'FE8D32A113714C0498C271191210F19E'))"/>
</AML>
Response:
<SOAP-ENV:Fault xmlns:af="http://www.aras.com/InnovatorFault">
<faultcode>SOAP-ENV:Server.ItemAnalysisException</faultcode>
<faultstring><![CDATA[Item Analysis Error. Some Items have incorrect attribute/property values syntax. Please contact your system administrator for more details.]]></faultstring>
…
</SOAP-ENV:Fault>
When a User who is a Member of the Administrator Identity runs the same query, they see a breakdown of the error that identifies the specific part of the query that is incorrect. For example:
Administrator query:
<AML>
<Item action="get" type="Part" where="[Part].id IN (SELECT id FROM [PART].id WHERE id IN ('EBA30FA710AC4753B76E43DED126CF76', 'FE8D32A113714C0498C271191210F19E'))"/>
</AML>
Response:
<SOAP-ENV:Fault xmlns:af="http://www.aras.com/InnovatorFault">
<faultcode>SOAP-ENV:Server.ItemAnalysisException</faultcode>
<faultstring>
<![CDATA[Item Analysis Error. Some Items have incorrect attribute/property values syntax. See details for more information.
Details:
Incorrect value: "where="[Part].id IN (SELECT id FROM [PART].id WHERE id IN ('EBA30FA710AC4753B76E43DED126CF76', 'FE8D32A113714C0498C271191210F19E'))"". Incorrect value explanation: "SELECT" is forbidden in where attribute.
]]>
</faultstring>
…
</SOAP-ENV:Fault>
Note that the validation mechanism still allows conditions on properties of the requested ItemType, including conditions that use standard SQL qualifiers. For example, an attribute such as <Item type="Part" ... where="[Part].id = '0123456789abcdef'" ... /> executes exactly as it did before.
If you encounter an Item Analysis Error, Aras Support recommends adjusting the AML query to conform to the new rules.
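As an added illustration (not Aras code), the following client-side pre-flight check approximates the rule shown in the administrator error above: it parses an AML string, flags a sub-SELECT in a where attribute or in an in/between property value, and shows the page's rejected query beside a conforming rewrite that keeps the condition on the requested ItemType's own property. The keyword list beyond SELECT, and the exact server rules, are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# "SELECT" is the keyword the documented error rejects; the remaining entries
# are an assumed, conservative extension for this client-side pre-flight check.
FORBIDDEN_KEYWORDS = ("SELECT", "UNION", "INSERT", "UPDATE", "DELETE", "EXEC")
CHECKED_CONDITIONS = ("in", "between")  # property conditions the server validates


def find_forbidden(value):
    """Return the forbidden keywords present in a where/in/between value."""
    return [kw for kw in FORBIDDEN_KEYWORDS
            if re.search(r"\b%s\b" % kw, value, re.IGNORECASE)]


def analyze_aml(aml):
    """Approximate Item Analysis on an AML string before it is sent.

    Returns (location, explanation) pairs in the spirit of the administrator
    error text; an empty list means the query passes this pre-flight check.
    """
    findings = []
    for item in ET.fromstring(aml).iter("Item"):
        where = item.get("where")
        if where:
            for kw in find_forbidden(where):
                findings.append(("where", '"%s" is forbidden in where attribute' % kw))
        for prop in item:  # property elements such as <id condition="in">...</id>
            cond = (prop.get("condition") or "").lower()
            if cond in CHECKED_CONDITIONS and prop.text:
                for kw in find_forbidden(prop.text):
                    findings.append((prop.tag, '"%s" is forbidden in condition="%s" value' % (kw, cond)))
    return findings


# Constructed from the page's rejected query: a sub-SELECT inside where.
REJECTED = """<AML>
<Item action="get" type="Part" where="[Part].id IN (SELECT id FROM [PART].id WHERE id IN ('EBA30FA710AC4753B76E43DED126CF76', 'FE8D32A113714C0498C271191210F19E'))"/>
</AML>"""

# The same intent as a plain IN condition on the requested ItemType's own
# property, the form the page says is still allowed.
CONFORMING = """<AML>
<Item action="get" type="Part" where="[Part].id IN ('EBA30FA710AC4753B76E43DED126CF76', 'FE8D32A113714C0498C271191210F19E')"/>
</AML>"""

if __name__ == "__main__":
    for label, aml in (("rejected", REJECTED), ("conforming", CONFORMING)):
        print(label + ":", analyze_aml(aml) or "passes pre-flight check")
```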