So I’ve been tasked with the chore of applying security roles to our company’s NAV deployment. I’ve decided I need 10 different roles, but none of the existing roles seem all that helpful. For example, I’ve tried creating a role for our purchasing manager: he needs to create purchases, create vendors, and create items. I have applied several of the pre-made roles, and he can see some things he shouldn’t, reports crash, and he can’t select items for purchase.
Is there an easy way or best way to get started? I’m feeling a bit overwhelmed.[:’(]
Hi Chickenmunga,
security setup in Navision is hard. Take a look at this thread for some good advice.
Our approach is typically take the standard NAV roles that match your requirements and then tweak them to correct security errors in testing.
I have heard that the security tool mentioned in the thread is good but have never used it. Basically it allows you to “record” the security access needed to perform certain tasks and then save the settings as a new role. The main disadvantage I can see from this is people rarely know all of the activiities a user will need to perform so you are going to be constantly adding new permissions to your role.
Good luck.
Thanks for the great tip, we are looking into this. I want to start peering at that document tomorrow!
For today, I was able to use the Client Monitor (under Tools->Client Monitor)
-
First, I recorded my activity with the Client Monitor
-
I then filtered the Client Monitor’s parameter field by table.
-
Then, I created a new role with full access to all the tables listed by the Client Monitor
-
Now I tested to make sure I could do all the tasks I needed
-
Finally, I began removing permissions so I could lock down my user (prevent them from deleting stuff, etc)
Not sure if this is the same tool or not, but it has the same problems as what you describe. However, it beats wding through several thousands of tables or guessing at roles!
Personally I found the tool great for finding that “lost” object, so you could see all objects bing used when a user had an error message. But I never liked using it to crate roles, because then the roles became too specific. Also you never test every possible option, so you still miss one.