Minimum rights for Synchronize All

One of our clients does not want to give any user both the Navision SUPER role and the SQL sysadmin role.

They report that they then cannot run Synchronize All (on Nav 4.03, build 23305, standard security model).

Have you ever encountered this problem?

What are the minimum rights needed (in Navision, and in SQL) for a user to run Synchronize All?

In any case, are there significant benefits when they avoid giving users both SUPER and sysadmin?



In NAV there should be the role “SECURITY” which should be the right one. In SQL Server the login should be assigned to the server-role “securityadmin”.

I think that should do it …



And …

Of course! SUPER/sysadmin could do EVERYTHING with the system: read all data, write all data, create/delete objects, tables, databases etc. …

Server Role: securityadmin AND Database Role: db_owner

Database Role db_owner is only required to insert tables.

We have configured our system so that each company have one dedicated super user who is allowed to change the user permissions. But they are not a member of the SUPER role in NAV and do not have, but they are a member of the securityadmin role in SQL. And on the other hand none of our developers/consultants are allowed to change user permissions.

Thanks for your replies.