Aras Best Practices: Community Projects, Part 2

Aras Best Practices: Community Projects, Part 2

This post outlines some pitfalls to avoid when creating your Aras Community Project. If you missed our post Aras Best Practices: Community Projects, Part 1, be sure to check it out for even more helpful tips for project authors.

Do Not: Use applySQL()

The applySQL() function is not permitted for use in Aras Community Projects, as it can be used to bypass the Aras permission model. Users who should not be able to get, create, or update certain items may be able to do so if an action or method uses applySQL() to perform these actions via direct SQL instead of AML or the IOM. The same goes for using SQL items from import packages.


Here's a simple applySQL() example:

And here is an example using a SQL item from the database:

Best Practice

Here's the applySQL() example rewritten using IOM:

And here's an example using applyAML():

Do Not: Use ActiveX Controls

ActiveX controls are not supported by modern browsers and can cause major issues when upgrading Aras Innovator. ActiveX controls may not be used in Aras Community Projects.


Do Not: Include Product Trials

Do not include freemium or limited-time trials of products produced by you or your organization. However, projects that integrate with other paid services are acceptable.


Harry from XYZ Corp. submits a 30-day free trial of the XYZ Connector, which requires a monthly subscription to continue functioning after the 30-day trial expires. Since it’s a paid product, Harry cannot submit the source code for the XYZ Connector.

Best Practice

Harry from XYZ Corp. subscribes to ABC, a third-party product he really likes. He builds a connector to use ABC with Aras, and then he submits the source code for his ABC connector – noting that users can try out the connector with ABC’s 30-day free trial.

Do Not: Share Others' Intellectual Property

Do not include third party compiled code (dll’s, executables, etc.) or materials that are not licensed to be shared freely.

Do Not: Share Aras Subscription Materials

Do not share subscription feature license keys or other subscription materials. If you have questions about the benefits that come with an Aras subscription, please contact our Community team at [email protected]. If you have questions about what content should not be included in an Aras Community Project submission, please contact Aras Labs at [email protected].


Terry creates an iOS app using the Aras IOM SDK for iOS, which is available only to Aras subscribers. Terry includes the IOM.IOS.dll file with her source code when she uploads her project to GitHub.

Best Practice

Terry creates an iOS app using the Aras IOM SDK for iOS, which is available only to Aras subscribers. She does not include the IOM.IOS.dll file with her source code, but instead includes steps in the project file to tell users how to reference their own copy of the IOM.IOS.dll file.

Avoid: Modifying Core ItemTypes

Core ItemTypes are used to define the most fundamental parts of the Aras data model. Modifying these ItemTypes can have unintended consequences and is not permitted in Aras Community Projects. If you aren't sure what ItemTypes are considered "core" ItemTypes, navigate to Administration > ItemTypes in the TOC and search for ItemTypes where core='1'.

Here are a few core ItemTypes:

  • ItemType
  • Property
  • Identity
  • File
Note: This is not to say that your project cannot create or modify ItemTypes. For example, a project may add a property to the existing Part ItemType or add a new server event to the CAD ItemType. These are examples of ItemTypes that are not in the core.

Avoid: Code Tree Modifications

It is best to avoid code tree modifications when possible for several reasons. It's very easy to make a small change in the code tree that has far-reaching unintended effects, especially because a single code tree can be used with several databases. Code tree modifications also add an extra layer of complexity to service pack upgrades and major version upgrades.

That being said, some code tree modifications are more benign than others. Additions to the code tree are generally acceptable, whereas modifying critical files like Innovator\Client\javascript\aras_object.js or Innovator\Client\javascript\iom.js could adversely affect functionality. Code tree modifications are unavoidable in some cases, like adding new images or updating Innovator\Server\method-config.xml to reference a third party server-side dll.

Avoid: Disabling Security Features

Recent releases of Aras (SP8, SP9+) include security enhancements to further reduce the possibility for SQL injection in AML queries. Sometimes this may result in scenarios where certain queries need to be whitelisted in the Aras code tree's configuration files. This should be done on a case-by-case basis, and not on a global level.

Ready to Submit a Project?

Once you’ve reviewed the above guidelines and confirmed that your project meets them, head on over to to submit your project for review. Looking for inspiration or not quite ready to submit a project of your own? Check out the Aras Community Projects page at to see what other community members have been working on, or even contribute to an existing project.