Setting up permission for user

i want to set up permission for a user that it would cannot be create Invoice but available to do posting

i create a new role for it…

after that i give permission like these…

Object Type Object ID Object Name Read Permission Insert Permission Modify Permission Delete Permission Execute Permission Security Filter
Table Data 0 Yes Yes Yes Yes Yes
Table (all) Yes Yes Yes Yes Yes → except for table 36 and 27 (Sales header and Sales Line) Insert Permission (empty)
Form 0 Yes Yes Yes Yes Yes
Report 0 Yes Yes Yes Yes Yes
Dataport 0 Yes Yes Yes Yes Yes
Codeunit 0 Yes Yes Yes Yes Yes
XMLport 0 Yes Yes Yes Yes Yes
MenuSuite 0 Yes Yes Yes Yes Yes
System 0 Yes Yes Yes Yes Yes

after i setup like that, that user still available to create invoice

what did i miss??

How did you manage the exception?

To make it work you should remove the Table 0 line and give explicit permission to all the tables but 36 and 37…

i just want to block for table 36 and 37

then i click all objects, for table 36 and 37 (insert permission i changed from yes to empty)

You have to [de]assign rights to “Table Data”, not “Table”. Table is the table-definition, Table Data is - well - data…

I think Alex put it very well.

Is there any method to set permission to a specific form (not table)for Eg Sales Order in Navision. If i set permission in 36 and 37 the whole Sales Area module (eg Sales Quote , Sales Invoice etc)will reflect the settings. i need only in the Sales Order screen .So i need to set permission in form wise???

Please help me ???

Standard NAV gives permission to all forms (Objekttype=Form, ObjectId=0) - usually via role EVERYONE/ALL.

You have to delete this standard.permission and then grant permission so each and every form via [new] roles.
Then you have to connect users to the [new] roles.

This will kind of keep you busy for a while, I guess…

Thank You for your informations