Dear All Experts,
Let say an IT admin wants to create a new permission set that only allows to create SO and post the SO. But how can we identify the exact Object Permission required?
Is there any standard guideline provided by Microsoft regarding this?
Thanks in advance.
Version: NAV 2013 R2.
You can activate the Code Coverage and do the steps what you want.
stop the code coverage and check which objects it covered.
It can differ based on different scenario’s but you can start like this…
Hi Mohana,
First of all, thanks for replying to my questions. I believe you are right, activating the Code Coverage will be one of the method to know what object permission is required when performing certain actions.
What if let say I want to create a new permission to allow creation of Sales Order, but does not allow this permission to view the G/L ? As we know at Sales Line, we can select Type=‘G/L’, and then in the ‘No.’ field, we can select different G/L account. Eventually this user will be able further drill in and look at the G/L details. In this case, how can we identify which object to remove in the permission assignment? I believe this will be a tough task for some IT admin which is not familiar with Navision.
So what do you think? Hope to get reply from you soon. Thanks!
If you don’t want to allow users to view G/L Accounts then you need to use Security Filter in table 37 and other tables…
I would highly recommend checking out NAV Easy Security Light by Mergetool.com:
http://www.mergetool.com/products/easysecuritylight.html
It adds some great features to the standard NAV security model and best of all it’s free. You can use the SQL Profiler to monitor a specific activity in NAV and then import the trace file to help build the permission set by automatically showing you which objects and permissions are needed to complete the activity. The free version has a limit on which tables the SQL Profiler output will show but for a small fee that can limit is removed.
We’ve used both the light and full versions with our clients and it works very well.
Regards,
Rob