Setting table permissions in Navision 3.70

Hi

I am trying to set permissions so that someone can post to the GL (from manufacturing output post option) but not list the GL accounts or display the details of an account. Does anyone know how this can be acheved?

Thanks

Amal

Hi!

What you could try is, to grant the permission “Indirect” on the required transactions (Read, Insert, Modify, Delete) for the required tables as “G/L Entry” & Co. …

USers with “indirect” permission could e.g. insert “G/L Entries” via postings, but not open a form displaying directly the “G/L Entries”.

Hope this helps!

Best regards,

Hi,

Thanks. But when I gave Indirect permission, when posting the program asks for read permission to be set. First I tried with removing permission to G/L Account, G/L Entry and G/L Register.

Afer that I had to add Indirect and the Read permission - Yes to G/L Register, G/L Entry and G/L Account in that order to get the program to post. ie. Added indirect to G/L Register and tried, added yes to read permission and tried. then triend indirect to G/L Entry and so on.

If you have tried and it’s working let me know the steps to set it up.

Thanks again.

Amal

What Jörg says should definitely work. But I just took a look at CU12, and I see that it seems to be missing permission to indirectly access the GL account T15. This used to work in older versions of Navision, so its odd that it doesn’t now. The fix is to go to CU12 and add: Permissions TableData G/L Account=r

This is very odd, I can not see how a bug like this could have been in Navision so long without being reported.

An other way to limit users’ permissions might be to create a new role with the same permissions of the standard role ALL, then remove the “form” line and enter all the forms you want allow the user to see… well, maybe the best way to do that is to copy all the form lines from the All Objects view and then remove the forms you DON’T want the user to see. [:)]
When the new role is satisfactory done, put it in the user’s role list in place of the ALL role.

It’s tricky, but easier than deal with tables permissions. Don’t forget to enable the main menu form. You might do the same with reports. Better leave codeunits alone. [:)]

Hi Anna,
defintely this will work, and many clients use this approach, but Indirect permissions have been a feature of Navision for 10 years. If you look at CU22 you can see that Item is included, but in CU12 they missed out GL table.

I have implemented the method suggested by Joerg for many clients, and it works (well worked) quite well. I think this is definitely a bug in the newer versions. Though I am just wondering if maybe I just used to automatically fix the code for clients that did it that way.

OK I know what it is. I used to do it by switching off Automatic Cost posting.

Hi David,

So does this work or not?

Also I think automatic cost posting to GL is for inventory. What about Purchase invoicing and sales invoicing? How do I restrict these guys from accessing the GL?

Thanks

Amal

Basically what you need ot do is add GL account permission to CU12, this would then allow you to use indirect permissions.