Account access permissions in COA

Dear colleagues, I want to separate user access permissions to different accounts in one COA (table - “G/L Account”). The main goal is to hide some account (e.g. payroll) from the common use. Authorized users only could access these accounts. How to realize that in C/SIDE? Regards, Yuri.

Two possible solutions: 1- you can either set up a filtergroup and a filter in the OnOpenForm trigger — or – 2 - use OnNextRecord trigger to generate an extra step. Regards, Alex

There’s no global setting or filter available, so the only way left is the hard way - check at every point where an offending action is possible. We’ve done this for a customer, who wanted to restrict the detailed views (indeed on the payroll and employee related accounts), in the following way: - Added a boolean field to the G/L Account indicating it’s an account with restricted view (or not). - Added a boolean field to User Setup, indicating restrictions apply (or not) - Created a codeunit which checks for the user having restricted access, and the account being restricted. The codeunit has a couple of sections - i.e. one to check lookups and drilldowns, another section to check for which filters are set (which could be another approach to see individual data). If restriction is needed, an error pops up. - Added at all places where a “forbidden” action is possible (and there are a lot of 'm…) a call to the checking codeunit. Technically it wasn’t too complicated, but finding all possible places where (inventive) users could be approaching the data was plain hard work. John

John, I do belive that it could be done without quite as many steps if you simply add the filtering code to the forms that are used for lookups. I think standard Navision only provides 2 basic views the COA and Account List. So by restricting information at the source, it’s not nessasary to worry about the lookups. I used this approach several times. It seems to work great. Bill Benefiel Manager of Information Systems Overhead Door Company (317) 842-7444 ext 117

Bill - there are plenty of reports, that may show this data, and report adjustments may not be as straight forward as forms. Also, think account schedules. John is right in saying it is a lot of work. Impuls workbench would be THE tool to do this. Alex

Bill - believe me, when the issue is to restrict a detailed view of a few G/L Accounts, there are a lot of forms involved. Not just the various cards/lists, but also balance forms, budgets, Account Schedules, reports and so on. Don’t forget that by applying a filter on Employee, a lot of detail can be derived at many places. Agree, many users won’t even think about that (or don’t know…) but when such a security level is required, you should provide a watertight protection. And we tried to make it a general solution for the user, effected by setting a few booleans only. Works like a charm, by the way. John

Thanks everybody for your answers. I have found the decision. It’s not concerned with C/SIDE programming. This functionality is realized in Attain (v.3.01a). New field “Security Filter” is appeared in Role permissions setup window. Any Navision-style filter can be applied in this filed to any TableData object (not only to “G/L Account” !). As I understand, this security filter is applied before any C/SIDE code in forms, reports and so on. At least it looks so. So, everything work fine … but in MS SQL Server Option based version ONLY! I have tested this functionality on Navision Server based version of NA as well as on local database file based version. Result in nothing. Unfortunately, I expect some additional developing work on Navision Server based version in a way you suggest. Regards, Yuri Pokusaev Regards, Yuri Pokusaev IBS, Senior Consultant NCPS, NCSD +7(095)987-8080