Dear All, Our case is, Purchasing Dept. complete a Purchase Order and Release it. Warehouse staff Post Receive only when goods arrived. But sometimes, Purchasing people complains that a released order has been modified by somebody else. I tested, warehouse user has right to reopen a released order and modify purchase order lines. Is it possible to disable the funcation of reopening a order to other users except Purchasing staff? Many thanks!
Yes, use the user roles to control it. Codeunit 415 manages it, so only people having the right to execute CU415 can release and reopen POs.
Dear Markus Schenk, Thanks for the answer, do you mean I should create a new role ID and assign permission of this role to execute CU415? If a user has this role he will be able to run CU415. But I still don’t know how to DISABLE a user to run CU415 (release or reopen a order). I mean, the user only can post order but not be able to modify it if the order is released. Thanks a lot! Jack
I do not think that this can be done via Normal Navision Security Setup, since Navision you only grant rights to Objects and do No deny Rights to Objects. Your problem can be solved by adding a Restriction on the Buttun itself, that can be enabled or disabled at runtime based if the USERID belongs to certain group or if user is is in your own SECURITY Setup Table.
I’m not sure but … The ‘ALL’ Role has Codeunit=0:Execute permission setting. You can delete this role from ‘some users’ and cereate a new one - similar: New Role will have all ‘ALL’ permissions despite of Codeunit=0. Unfortunetely, you need to write every CU-execute Permission(without ‘blocked’ CU415) regards
We use a registered add on for this: To-Increase Status Component. Features are:
- define your own statuses in addition to standard Navision status (Created, Shipping, Blocked etc.)
- User based authorization per status
- Allow changing / posting of document per Status
- Print documents on status change
- etc.
It’s a very nice feature! Info: www.to-increase.com (formerly Watermark Innovation)
Hi Jack, just to clarify on security. If you create a permission to access object ID 0, you give the user access to ALL objects of that type. In this case (assuming you copied from the Cronus Setup), you hae a group ALL, which has access to CODEUNIT 0. This means all users can access all CodeUnits. The only way to block access to CodeUnit 415, is to give users access to every Codeunit except CodeUnit 415. This is pretty easy, jsut create a simple Function (non printing report) based on the Objects table, to add these tot he required group (say ALLWHSE). Then just remove what they should not have. Then al warehouse users should have their Roles changed to point ot ALLWHSE instead of the standard ALL group.
Dear All, Thanks all of your advices and input of this topic. Hi David, I read your comment but is confused. Does the role ALL is what you mentioned group ALL? I check the role ALL has permission to execute CoudeUnit 0, hut how can I disable user run other CUs except the 415 one? What do you mean create a function basaed on object table? I’m afraid if it is possible that you could give me more detail instrucations? Thank you very much! Jack
Hi Jack, try the object here http://www.go-live.us/prod01.htm under Adding Permissions to a Role. Be careful, it is not a complete function, its just somethinb that will get you started. On the first tab, filter on the Role you want to work with, on the second tab filter on CodeUnit and ID <>415.