Disabling user access on Sales Orders

Hi there,

Which is the most elegant way to disable user access ONLY on (creating and posting) Sales Orders? Besides this limitation, the user (or the role, in general) should act like SUPER, of course. This should be done with the standard Attain security functionality. I would not consider “elegant” event handling in the Form42.Open trigger :-).

Thanks.

Zoran Stalevski
Team Vision - Macedonia

What first comes to mind is:

- Create a new role SUPERS;
- Click on the permission;
- Click “All Objects”;

Write a simple codeunit which fills in the Permissions table with “Yes” for all the rights except for the codeunit 80 (Sales-Post) for Sales Posting and the Insert/Modify rights for the Sales Header table. Of course you should filter the Permissions table for only this SUPERS role.

Good luck

Phew… just checked that if you leave the Role/Permissions definition form with nothing filled in the Permissions fields, Navision doesn't save anything into the Permission table for the Role (SUPERS in our case). So I guess you should use the good ol’ F8 key for the Read permission for all objects and then make a codeunit which fills in anything else accordingly.

Au-Ugh. Thanks Nikola. Any better ideas? Maybe a filter over Sales Header (type <> Order) or something like that?

Why are RESTRICTIVE permissions not implemented in Attain (currently one can use only additive ones)?

Zoran Stalevski
Team Vision - Macedonia

Yep… a Security Filter should be applied if only type “Order” should not be inserted/modified. And by the way, if the user is SUPER, only without Sales Orders posting/create permission, he/she will have the permissions to modify the above set rights, either by modifying this role or by removing the code :)

And yep… there are no restrictive permissions features in Attain, which makes assigning the permissions a bit clumsy. Personally I’d prefer to create a small code snippet for this.

Hi,

If there is a problem with unauthorised security settings, the “SUPER” users will be “All” + all other roles except the “SECURITY” role. On the other hand, the licence could carry those restrictions, also.

Nikola: yep…Security Filter should be applied if only type “Order” should not be inserted/modified.

This did the job. I created two new roles, “!NOSALESORDERS” and “!NOSALESORDERS, POST”, which are copies of “S&R-Q/O/I/R/C” and “S&R-Q/O/I/R/C, POST”, except with the appropriate security filter (type<>order) for table “Sales Header”. These roles were assigned to the users. I also had to remove the “SM-Q/O,POST” role, since it gave “Insert” permission to the “Sales Header” table.

Thanks again.

Zoran Stalevski
Team Vision - Macedonia
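The last post's finding, that one extra additive role can undo a security filter, can be checked mechanically. The following Python sketch is an added example, not code from the thread or from Navision: it lists the roles assigned to a user that grant Insert or Modify on Sales Header without the filter. The row layout, the string comparison of filters and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

GUARDED_TABLE = "Sales Header"
REQUIRED_FILTER = "type<>order"   # filter wording as quoted in the thread


@dataclass(frozen=True)
class PermissionRow:
    """Hypothetical, simplified view of one row of a role's permissions."""
    role: str
    table: str
    insert: bool
    modify: bool
    security_filter: str = ""     # empty string = no security filter


def _norm(text: str) -> str:
    # Compare filters ignoring spacing and case ("Type <> Order" == "type<>order").
    return "".join(text.split()).lower()


def roles_bypassing_filter(user_roles, rows):
    """Return the assigned roles that grant Insert/Modify on the guarded
    table without the required filter. Permissions are additive, so one
    such role re-opens what the filtered roles closed."""
    assigned = set(user_roles)
    return sorted({
        r.role for r in rows
        if r.role in assigned
        and r.table == GUARDED_TABLE
        and (r.insert or r.modify)
        and _norm(r.security_filter) != _norm(REQUIRED_FILTER)
    })


# Constructed permission rows (not exported from a real database).
ROWS = [
    PermissionRow("!NOSALESORDERS", "Sales Header", True, True, "type<>order"),
    PermissionRow("!NOSALESORDERS, POST", "Sales Header", True, True, "Type <> Order"),
    PermissionRow("SM-Q/O,POST", "Sales Header", True, False),
    PermissionRow("SM-Q/O,POST", "Sales Line", True, True),
]

if __name__ == "__main__":
    before = ["!NOSALESORDERS", "!NOSALESORDERS, POST", "SM-Q/O,POST"]
    print("bypassing roles:", roles_bypassing_filter(before, ROWS))
    print("after removal:  ", roles_bypassing_filter(before[:2], ROWS))
```

Running the same check after every role change catches a later assignment that silently restores unfiltered access.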