i know i will be getting answers like: ask navision implementation partner or check microsoft partner resource. But…
i want to learn by experiences of great guys here…
what are the issues / benefits you have seen over the years with different style of defining roles. like restricted access on data, security filters, adding / removing only a few objects permission for a particular person who is using a role which is assigned to other users also. ur suggestions on how to create the hierachy of roles.
Well, when it’s up to create Roles in NAV, my experiences have shown that it is quite difficult to do it just by “mind”, means defining the permissions per Role by thinking about which object-rights need to be granted, or not.
To generate Roles my favorite utility is the “User Rights Setup” tool, shipped with the “Tools” CD-ROM (usually just available for NAV Partners, but also for download - an older version - at MIBUSO.comhttp://www.mibuso.com/dlinfo.asp?FileID=277 ).
Here you actually record the activity of a user to generate a role which fits nearly perfect to the requirements of the user. E.g. to create the role “PURCHASE” you just record the activity of a purchaser. This makes the creation of roles much easier! For details please read the manual (included in download).
According to the definition of roles I would like also to give you some inspiration about the setup of Logins:
Here it could be very convenient to configure Windows User Groups with Active Directory, e.g. like Domain\NAV_Purchase, etc… Now you could assign the single user accounts (Windows Logins) to the AD Groups. In NAV you only setup the AD Groups - not each single user - and you assign the relevant roles just to the group. E.g. you create a “Windows Login” in NAV for the AD group Domain\NAV_Purchase and assign the (recorded?) role “PURCHASE” to it.
The benefit here is, that you have to administer the single users just once in Active Directory, and not twice - AD and NAV.
Using this type of authentication, do we need to add “all” of our Active Directory users to thw Windows Logons in Navision?
Is there a way to automatically add all AD users to the Windows Logon in Navision?
We are a company with 400 employee, and every other week we have new employees, if that is not possible I will have to add all my AD accounts to the Windows Logons and then, every time I have a new user I’ll have to add them to the Navision too.
If you are using the Standard security model, it is not necessary to also add each login to NAV. If you are using the Enhanced model, then it is necessary to also add the logins as will as the group, but the NAV roles themselves need only be associated with the group, not the logins.
To see which security model you are using, look in File / Database / Alter - Advanced tab.
[If you are using 3.70 or earlier then it is always the Standard model; if you use 4.0 prior to SP3 then it is always the Enhanced model. In both cases there is no option to change the model].