Role & Permission Management

rolandjn29 · March 19, 2003, 9:57pm

Can anyone out there tell me how to assign a role or roles to a specific user through the TOOLS / SECURITY / Database Login? I have been trying to lock down the users on the system with out success. Right now all the users have ADMIN rights. Not Good for us. I have had some training on the program but now that the original administrator is gone, it is now my job and I am desperate. There are no instructions to do this in the manuals we have. And I cannot find any websites with this information. Can anyone help me, or at least suggest a website the has the answers I am looking for? Please Help Rolandjn29@msn.com Thank You in advance.

eromein · March 20, 2003, 8:01am

ouch… This is not easy to explain. I suggest you read the manual carefully and take a good look at Cronus (standard demo company). It’s recommended to use the Cronus setup for your own company. This should give you a good start.

Adam_Seaton · March 20, 2003, 1:18pm

Security is more of an art than a science! but the manuals have fairly good instruction in setting up the basics. They should be available on the product cd - I’ll mail you the UK version when I find it. I guess the security basics are the same. To assign the predefined roles you should be able to: Select the database login, select the roles button. Click into the Role ID field on a blank line, use the look-up and then select the appropriate role. Move to the second line and repeat as necessary. The basisc roles are self explanatory and usually sufficient for a basic set-up. Be sure to give every user the ‘ALL’ role as this gives access to basic essential features that everyone will need. As a general rule I would give the users less rather than more. Users will soon shout if they can’t get access to something that they need - but won’t be so quick to admit they have access to sensitive information when they shouldn’t. Be patient - a good security set-up evolves over time, not over-night.

Sandy · March 20, 2003, 1:48pm

I too am at this point. We have been running Navision wide open (virtually no securities) for about 6 months now, and it’s time to start clamping down on things. The route that I took, is that I copied all the security setting into Excel and simply went to each user, and sat at their computer and said…“ok, now what do you do…” and as we went through it all in Navision I checked it off a spreadsheet. Locking everything down went very easy, I’ve only had a few complaints of “I can’t do this!”. The details of how to the Securities is found in the “Navision - Install and Management” manual. If you don’t have a North American copy yet, let me know and I’ll send you a copy of ours. Good Luck!

Andre_DDB · March 20, 2003, 2:10pm

Hi

quote:

Originally posted by Adam Seaton
… As a general rule I would give the users less rather than more. Users will soon shout if they can’t get access to something that they need - but won’t be so quick to admit they have access to sensitive information when they shouldn’t. Be patient - a good security set-up evolves over time, not over-night.

I Agree ! [:D] Don’t forget to tell the users that they will receive errors within this period. If you can’t do this please select for normal users at least Super (Data). So they can’t change the objects. bye André

CMDunbar · March 20, 2003, 2:11pm

As a Navision Implementations Consultant, I believe part of my job is to get a list of users & job tasks of a new installation, and then set this up with the system administrator of the site in question. It sounds like Sandy has had to do this without any help!?!?!? I would suggest that if you’re an end-user, make a list of Navision users with their job tasks and then speak to your NSC and either ask for some pointers or give them the job to do! Failing that, all I can suggest is trial & error - using the standard Navision Groups.

Sandy · March 21, 2003, 1:43pm

You correct that I did not receieve any direct assistance in setting this up, BUT we were trying to cut some corners, and the security settings is something that I could muddle through myself, (comes from experience as an IT Manager, and dealing with Network Security settings) We did not pay for the complete setup of the system, therefor I didn’t expect our Navision Consultants to assist us w/o asking for it.

CMDunbar · March 21, 2003, 3:48pm

The fact that so many ‘experienced’ Navision consultants find the task of setting up security / permissions for an installation, should raise alarm bells even for IT Managers. Although you may be an experienced IT Manager (and I have no doubt you are), this ‘beast’ really should be set up by a consultant with the experience of other Navision installations. Coupled with the fact that I would’ve thought, a IT Manager would have loads of other tasks to complete and therefore not have any free time to learn (through trial and error), how to set users permissions within Navision. My congratulations to all those who have successfully set up permissions in a new installation of Navision Finacials / Navision Attain / Microsoft Navision Version - I find it one hell of a pain in the butt. [:D]

apertierra · March 21, 2003, 4:03pm

Ok… here comes an easier way than the one it’s supposed to be coming from Navision. Navision bases all their security sistem on the standard sample roles on tables security… well… for most users that’s a pain as they don’t really know what process affect each table and they’ve to use the trial/error way on all the company processes (the more they do the more it takes to test). A more easy approach for the “IT Managers” should be using the security based on Forms/reports permissions: If by default you remove permissions to run the reports and forms in the application and then set the forms and reports the user it’s going to use the process of setting up the security will go really faster. The problem it’s that if you need to give read only permissions you’re still needing to play with the tables security anyways… About the fact of not spending time on setting up things… well… it’s up to your company to think what makes more loss for them… the money it will cost giving training to a user on security setup or having users able of deleting the database or the company… Regards,

Andre_DDB · March 21, 2003, 4:23pm

Hi

quote:

Originally posted by apertierra
… having users able of deleting the database or the company… …

It could be exciting![:D]

quote:

Originally posted by CMDunbar
… My congratulations to all those who have successfully set up permissions in a new installation of Navision Finacials / Navision Attain / Microsoft Navision Version - I find it one hell of a pain in the butt. [:D] …

Really such a pain? While installing and testing our 3.01 database it was a part of the training by our NSC. They suggested us to set only table rights. We started with the standard roles (e.g. all sales relevant roles for the sales department etc.). Then we used the ‘trial and error’ - method. Whenever an error came up we changed the roles. We’ve needed almost one week. Then the most user rights were ready for normal work. bye André

rolandjn29 · March 24, 2003, 10:44pm

quote:

Originally posted by Andre DDB
Hi

quote:

Originally posted by apertierra
… having users able of deleting the database or the company… …

It could be exciting![:D]

quote:

Originally posted by CMDunbar
… My congratulations to all those who have successfully set up permissions in a new installation of Navision Finacials / Navision Attain / Microsoft Navision Version - I find it one hell of a pain in the butt. [:D] …

Really such a pain? While installing and testing our 3.01 database it was a part of the training by our NSC. They suggested us to set only table rights. We started with the standard roles (e.g. all sales relevant roles for the sales department etc.). Then we used the ‘trial and error’ - method. Whenever an error came up we changed the roles. We’ve needed almost one week. Then the most user rights were ready for normal work. bye André

André, I love your humor[:D] You made me laugh very hard. But I really don’t think it would be that exciting having users able of deleting the database or the company. All that have reply to my posting, THANK YOU!!![:D] This information has been very helpful. It is nice to know that there still are decent humans that are still willing to help each other.[:)] Lets just hope the future is just as bright. [8D] And as for André, Stop clowing around [:o)] and get back to work you silly goof. [:D] Thanks All! Roland Nisben

apertierra · March 24, 2003, 11:49pm

quote:

Originally posted by rolandjn29 André, I love your humor[:D] You made me laugh very hard. But I really don’t think it would be that exciting having users able of deleting the database or the company. All that have reply to my posting, THANK YOU!!![:D] This information has been very helpful. It is nice to know that there still are decent humans that are still willing to help each other.[:)]

Well… it could be really exciting in fact… it will open a diverse range of new opportunities for the IT manager that’s in charge of setting up the permissions… a new set of opportunities in a different company… for sure [:D]. About that thing about decent humans… [}:)]… this is an automated reply system not controlled by a human brain [:p] Regards,

Andre_DDB · March 25, 2003, 8:07am

quote:

Originally posted by apertierra
[ … About that thing about decent humans… [}:)]… this is an automated reply system not controlled by a human brain [:p] …

YEP! Just see my disclaimer! [8D] bye André