Dear friends, Can anybody explain me what is ‘Execute’(field name in 'Execute permission’in role pernission window) permission type.Please let me know as detail as possible.I am not able to get any details about this in any pdf or navision help ??? Regards, Rajasekhar Venumala
Hi We ask the same question to our NSC after install 3.01B. The answer: ‘Mhmm, psfsfsf, [?][?][?]’!! Great! [:(] We know only two things: Not every right in a role has ‘Execute’ = True. But - every right in role we make has ‘Execute’ = True. bye Andre
I Always wonder what really means this execute thing… Seems to be a Navision Secret… [:p]
hi Execute permission of an object allowes user to Run it directly. What i mean to say that if you not have excute permission on a table, you cannot run a form that uses the table. indirect permission implies that you can use the table indirectly somewhere in the program eg a codeunit. harikesh
Hi Harikesh Basically you are right. But why I can’t change the ‘Execute’ field? And why I can’t find any ‘Execute’ in the standard Attain roles (e.g. Purchase). I guess the ‘Execute’ has something to do with intern (Attain) roles and extern (User) roles. bye Andre
quote:
Originally posted by Andre DDB
Hi Harikesh Basically you are right. But why I can’t change the ‘Execute’ field? And why I can’t find any ‘Execute’ in the standard Attain roles (e.g. Purchase). I guess the ‘Execute’ has something to do with intern (Attain) roles and extern (User) roles. AFAIK ‘Execute’ rights have no effect on tables. They only play a (major) role on (programatical) objects (i.e. reports, dataports, codeunits) and this in conjunction with the “indirect” rights on tables. Imagine the following scenario: You have a report which accesses the G/L entries. And you have a user which is assigned a role which has no access to G/L entries. You want to give the user the right to execute the report (with meaningful results). Now you grant this user “execute” rights on the report and “indirect” (read) rights on G/L entries. But don´t forget to edit the “permissions”-property of the report in questionNow this user may execute the report and get the results from the G/L entries table. bye Andre
Hi Josef Your example makes sense but it doesn’t explain IMHO the differences between standard roles and roles made by the users. Look into the standard role (german): ‘EINKAUF-A/B/R/R/G’. You will nowhere see a ‘Execute’. When I try to add a right in this role the system automatically set ‘Execute’=True. And I can’t change this entry! Why?? But perhaps you can explain it to me on thursday [:)]. bye Andre
The execute permission it’s mostly used not for tables, but for reports,forms,dataports and system permissions types. If the report,form,dataport or system function has not the execute permission set, you can’t run them… as easy as that.In fact, it’s the only permission it has mostly sense on them to setup, as by default no normal users should have permissions to delete,modify or insert new forms, reports or dataports (you should set those permissions by default to all users to false). It’s really important in the system functions (in fact it’s the only permission allowed to be changed on that group), as you should set to false the permissions in all dangerous tasks, like delete companies, delete database, rename company, restore backup… Regards, Regards,
quote:
Originally posted by apertierra
The execute permission it’s mostly used not for tables, but for reports,forms,dataports and system permissions types. If the report,form,dataport or system function has not the execute permission set, you can’t run them… as easy as that.In fact, it’s the only permission it has mostly sense on them to setup, as by default no normal users should have permissions to delete,modify or insert new forms, reports or dataports (you should set those permissions by default to all users to false). …
Now I’m completly be in a mess [:(]. Which user (who hasn’t ‘super’ rights) can do the things you explained? And if he has ‘super’ rights I can’t set any permissions to false, or am I wrong? But perhaps is the following the reason of my confusion: We only give rights on tables. All other permissions are restricted by customized forms and menus. And in the table rights is the thing I can’t understand. If I give a user ‘ReadOnly’ right on a table in a role the system automatically sets ‘Execute’ = True. IMHO then it is double. bye Andre
Let me explain you how this is working… Navision standard databases security roles (woh… how long it sounds) only has it’s default setup based on tables, giving the users full permission to run all forms and reports on the application. Also, the generic groups are including an “all users” group that has limited system functions allowed, but it’s allowed to run all reports and forms (and dataports…). That “basic” security system it’s a nice way of “creating confusion” to final users, as they don’t have setup any “form” based security at all… as you say, you’re restricting other permissions by customized forms and menus… why?? because you don’t have a proper setup on forms and reports. Let’s say you’re having a user that can run reports from the G/L ledger, but that you’ve a couple reports you’re not wanting him to be able of run… will you create a new special menu just for not allowing the user to run a couple reports?? The logical way is that you setup a proper permissions role for reports and for the forms (if the user has no permission to execute a form no matter if he’s having an option in the menu for opening that form he won’t be able of opening it). If you’re having a proper setup on forms and reports you can skip a lot of development. Regards
Hi Alfonso Thank you. Now I understand.
quote:
Originally posted by apertierra
… If you’re having a proper setup on forms and reports you can skip a lot of development. …
But I have to maintain more roles and rights [:(]. For such cases we have ‘Dummy’ - roles (e.g. Controlling). The roles are empty. They have only members. If the user isn’t a member of such a role he doesn’t see all menus (visible = false) and can’t run all reports and functions. It works [8D]! Thank you again for the explanation. bye Andre
quote:
Originally posted by apertierra
…The logical way is that you setup a proper permissions role for reports and for the forms (if the user has no permission to execute a form no matter if he’s having an option in the menu for opening that form he won’t be able of opening it). If you’re having a proper setup on forms and reports you can skip a lot of development.
Sorry my objection, but I don´t agree. The “logical” way is to restrict the access on data, not on objects which acces data. Otherwise a tricky user could find ways to retrieve exactly that data which you would like to hide to him by forbiding the execution of i.e. a specific report. Regards