Permission for table data and form

I am setting permission now. And I found that by default, Navision gives the role “All” permission for all forms (form 0). It controls the permission by table data. That means if one user has permission to read a table data, he has the permission to open the form. For example, one user wants to post Purchase Order, he must have permission to read G/L account. So if I grant him the default role “P&P-Q/O/I/R/C, POST”, he also has the permission to open G/L account and see the balance, which he shouldn’t have right to view. I know there are some tools can help to set permission for every table, form, report… I am wondering whether there is a way to control the form using default Navision roles. I don’t want put in every form instead of using form 0. Is there an easy way?

What about do not give the rights to read G/L entries, only insert and modify them? I don’t know, if for posting I need read them… (but may be not…) But I think, that it will be problem to do it without using form permissions…

WWS, If you leave the standard groups of permissions, you will have fun for a very long time. In my company, we use a personalized development to manage this kind of things (even controls on forms related to user; we like the easy way[xx(]). I think it would be better for you to do the same. Do not forget the indirect option that does not give you direct access to the object. Have fun (and make a planning[:D])

I think that the thing you want to accomplish can be done using security filters. Usually the person who is posting the invoices should be able to view GL entries or totals, but only for these records he/she has created himself/herself or are created for his/her department. So you can use security filter to limit the GL entries what he sees only to those what have User ID the same as his or the department code the one what he/she is allowed to see.

Hi there They way we do it is give permissions in the code unit, so make all g/l entry and g/l account tables indirect permission in the read column, then copy the steps below; A. Access Tools | Object Designer. B. Select Codeunit 12. C. Select the Design button. D. Select the Properties icon. E. Click in the Value field of the Permissions line. F. Select the ellipse button (…). G. On the line for Object ID 17, check the ‘Read Permission’ box. H. Insert a new line for Object 15, check the ‘Read Permission’ box. Seems to work fine, part of this came from Microsoft knowledgebase article 857993 Regards, Derek

I think what ww s wants to know is if it is possible to use standard navision roles to achive the intended goal. he answer to that question is No unfortunately. Basically Navision’s default roles are table level based, and if you want to go to Form or Report based, then you will need to start from scratch and redesign your own roles. You will basically have to create roles based on which forms and reports each user can access, and this is a lot of work. You have three routes you can take. 1/ Is manual, the fun way, basically craete as much of the role setup as you can guess, then listen to the users screaming when they don’t have permission. 2/ Is to use some of the Navision tools that wil autogenerate roles. If you do this, Keep in mind that these are HELPer tools, you still need to review the roles created, and work out if they are right for your company. 3/ Write your own Role management tools. This option only makes sense if you have lots of companies and users that have special permissions requirements.