Let say an IT admin wants to create a new permission set that only allows to create SO and post the SO. But how can we identify the exact Object Permission required?
Is there any standard guideline provided by Microsoft regarding this?
First of all, thanks for replying to my questions. I believe you are right, activating the Code Coverage will be one of the method to know what object permission is required when performing certain actions.
What if let say I want to create a new permission to allow creation of Sales Order, but does not allow this permission to view the G/L ? As we know at Sales Line, we can select Type=‘G/L’, and then in the ‘No.’ field, we can select different G/L account. Eventually this user will be able further drill in and look at the G/L details. In this case, how can we identify which object to remove in the permission assignment? I believe this will be a tough task for some IT admin which is not familiar with Navision.
So what do you think? Hope to get reply from you soon. Thanks!
It adds some great features to the standard NAV security model and best of all it’s free. You can use the SQL Profiler to monitor a specific activity in NAV and then import the trace file to help build the permission set by automatically showing you which objects and permissions are needed to complete the activity. The free version has a limit on which tables the SQL Profiler output will show but for a small fee that can limit is removed.
We’ve used both the light and full versions with our clients and it works very well.