Maximum security - Block menu items

If you want to have a usergroup with access restricted to the utmost minimum. In fact, these users should be allowed to read a single table only. For the rest, nothing should be allowed to do. The strange thing is that you seem to be unable to block some of the crucial system menu items. Take for instance the File, Database, New command. Not a command to be used by just any user (I think), and certainly not a command you want to be used by anonymous guests logging in with remote access. So, anybody who can tell please where to find the rest of the system menu items for use in the permissions settings? Or to set this kind of permissions from outside Navision? Or would someone be so kind to share his/her solution for a similar situation? John

John, with regards to creating a new database, the user will never be able to create a new database on the C/SIDE server, unless they have create file permissions on the server directory and they choose the same filename as the live system. In SQL, it depends on the SQL permissions on the MS side as to whether they can create databases or not. I guess an issue here is that if the client has no database open then there are no database permissions active anyway so how could you restrict this? Craig Bradney Project Manager - Technical Navision Solutions & Services Deloitte Growth Solutions Deloitte Touche Tohmatsu P:+61-2-9322-7796 F:+61-2-9322-7502 E:craig_bradney@deloitte.com.au

Craig, The point here is that we’re not talking on “normal” Navision use. This customer wants to let people from all over the world maintain data specific for their country or region (think of tax issues, import regulations etc.). These people do not know anything about Navision, nor are they allowed to do anything else with the system than maintenance on that particular table. This usergroup should get the absolute minimum of permissions to read and modify that specific data only. Furthermore, there’s agroup of people, also from all over the world, that should be able to just read the data - and really nothing more. The intended way of access is through Citrix, logging in under preset names. So far, we are able to set things as desired, just only the part of disabling menu-items is not satisfactory. We don’t want to allow change of DB, no New DB, no Company change, etc. Any ideas? John

John Im not sure about permissions for database new, but from looking at the permissions table based on the object table, it would be object permission 1510, if it was in the list, if you could get it into the list. The objects permissions for database start at 1530. I guess I would be creating main menus for these people so they have buttons particular to their needs. Craig Craig Bradney Project Manager - Technical Navision Solutions & Services Deloitte Growth Solutions Deloitte Touche Tohmatsu P:+61-2-9322-7796 F:+61-2-9322-7502 E:craig_bradney@deloitte.com.au

A New database seems to be blocked if the connection to the server has been started with “database=xxx” parameter (C/SIDE). Must try this with SQL. Still, a few items remain that are not nice for allowing anonymous logins. Take Tools, Security, Password. You can’t prevent users from changing the password, even not by setting the permissions for the User table to none… Of course, Graig, these special users will get a completely different “main menu” with just the minimal options for the special task only. John