problems with role setup

I am working on cronus databse of sp1.

I am getting problems with roles.I want to assign only purchase order creation to particular user. This is I am trying to do.

For this I done some thing like this

I created to two user ids .

Some A , B.

A has Role – SUPER

B has Role – ALL, P&P-Q/O/I/R/C(Create purchase orders, etc.).

I opened with databse with B user

When I try to create Purchase order I got this error

“U don’t have permission to read the Responsibillity table…

Then I go in to the permissions given like this

Read- yes,

Insert-yes,

Modify-yes,

Delete-yes,

Again I come back try to create , this I got this error “U don’t have permission to read the Tax are location table…

Again in the same way

Again I try to create PO, This time I got this error ““U don’t have permission to read the structure order details table….

Like this I am getting all errors.

I hope this is not the correct way. What is the problem.How to solve it.How can I assign to particular user only chance to create order.

solve this issue.

For this you can do the following: There is a form 70005 (for granting permission), as a part of process you have to run client monitor which records the activities done and the object accessed…then give the permission accordingly to the ROLE… the method you r trying is very time consuming and frustrating… The form I mentioned may be a part of NDT (Developer’s tool kit). Try it and if there is any further question then pls let me know

Hi Hansika,

Welcome to the user group. I hope we will be able to give you some good answer here. I will ask you the same as I ask all new members, please post your introduction in the Introduction forum. In general you can expect better answers if the other members know a little more about you. This is not just a forum, but a user community where the members put an honor in helping other members.

Nuno’s answer isn’t wrong, but I think it’s not the right way to do. One think that I learned over the years is that it’s not a good idea to change the standard roles, if you don’t need to do that. Because if you do, then you need to do a lot more work when new versions comes.

I tried out your example and I must admit that it’s not that easy. But what you have to think about is that the Cronus company is a complete test company where almost everything has been setup.

In a more simple setup, then the two only additional roles you should have was:

INVT-ITEM/BOM

P&P-VENDOR

But since the Cronos company have a lot more functionality enabled, then you need a lot more permissions than what there is in the standard roles. One permission that sure worried me was the “Warehouse Receipt Lines”. I really don’t understand why there is no standard role with only read permission to this table. The only thing that comes close is the WM-R/PA/A/P/S (Create receipt, put away, etc.) role. But with this additional role you can create your purchase orders, as long as you don’t want to release the orders. Then you also need the RELEASE DOCUMENT role.

A way to figure out what additional roles you need is to open the role list, and then you select the Permission list for the role and remove the filter for the current role. Now you add a new filter for the object number of the table you need to find. Now you can see which roles have the wanted permission in it’s role.

I don’t remember being were but if you say it [:)]

Nuno,

Don’t get me wrong. I just think your suggest is something you would suggest for someone who is already a NAV expert…

I was referring that the answer was has supplied by DRD and not by me. No problem

Hi Eric, Do you mean to say that answer was not explanatory or the step(process) itself is wrong?