Setting Up Security Filters Within Roles

Hi Forum, please can somebody advise on a problem I have with Security Filter within Role. Let me explain, my client has sales reps and wants the reps to only see their own Customers and Contacts so I firstly created a Security Role for their functional area and then applied some Security Filters to certain tables namely Customer and Contact. The problem I have is this, when they go to a Customer and then press the Sales button to look at existing orders, they get a message telling them that they do not have permision to read the Contact table if an order exists. To get around it I removed the filter but now they can see all Contacts. Also, if they create a new Contact and then try to Create it as a Customer, they get a message telling they do not have insert permission on the Customer table so I have to remove the Security Filter on the Customer table. The net result is they can now see all customers. I’m going around in a big circle here from filtering so they can only see their own Customers and Contact to allowing them to see all because they cant create Customers from Contact and cant see Orders on Customers. Can somebody please either explain what I’m doing wrong or suggest an alternative way of doing the filtering. The Navision version is 4.0 and NOT SP1. Thanks…Paul

I think is due to the control showing number of Contact in InfoPane of sales order form. You should remove that info from the sales order form. Also, in OnOpenForm of Contact Card and Contact List you should set filters consistent with Security Filters set in users permissions, otherwise the user will not be able to open those form unless the contact showed are included in their Security Filter.

If you want to allow those users to create new customer only from Contact card assign to user Indirect permission to insert customer and give the Insert permission on Customer table to Contact table.

It’s not easy to use Security Filter and usually you need to do some customization in order to make them working.

p.s.

what about creating new Contacts, did you set Security Filter also on Insert permission of Contact? Are the users able to create ne contacts?

Hi Patty,

Im not a developer, so as such I’m not sure what you mean by…

“I think is due to the control showing number of Contact in InfoPane of sales order form. You should remove that info from the sales order form.”

Also, are you saying I should do pre screen filtering on the Customer Card and Contact instead of within the Security Filter. If that is the case, how do I code this?

I’m also not sure what you mean by…

“If you want to allow those users to create new customer only from Contact card assign to user Indirect permission to insert customer and give the Insert permission on Customer table to Contact table.”

Please could you explain it more, thanks

PS, yes they are able to create new contacts, just cannot create a customre from them.

Paul

Hi Patty, I was wrong, they cannot create contacts when the Security filter is applied. Also, I was asking earlier about how to code a pre screen filter but thinking about it that would not work either because I would be hard coding the salesperson into it and this can be different depending on the sales rep so I’m really lost as to how to make this work.

In sales order form there is a control that shows the number of contacts related to the customer. That control call a function in a codeunit and that function does a get in Contact table. Therefore if user as no access to that contact he receives an error message.

just make this try: open the Sales Order form in design mode (CTRL+F2 with the cursor on the order header). On the right there is a frame named “Customer Information” where you can see Contacts and on the right of it a control having this SourceExpression “STRSUBSTNO(‘(%1)’,SalesInfoPaneMgt.CalcNoOfContacts(“Sell-to Customer No.”))” you can see it moving your mouse on the control. You should delete this from the form.

Security Filter does not filter data, it controls that user respects his limits. But when the user open a form the first time Navision show the first record in the table, if this record is not within the Security Filter the user receives an error message and is not able to open that form.

in permission of the Roles assigned to your user you should select option “Indirect” in the Insert Permission, Modify Permission field .

Then open Contact table in design, go to table properties, in Permission property click on assist edit button, it opens a Permission form, select table 18 and give all Permission to it.

hope it is clear. But I think is better you to ask a developer to support you in this setup.

to let the user insert new contact when Security Filter are set and preventing the user to see contacts that are not under their responsability, I think (sorry I didn’t try it) you have to:

  1. set the filter in on open form according to some rules/setup (e.g. assign a salesperson code to userid or viceversa, a userid is already in salesperson table but you can use it only if you enable outlook synchronization)
  2. in Contact form set the DelayedInsert property to Yes - in this way the user can assign to new contact all the attributes before inserting the record, and Navision will insert the record only when user leaves it (e.g. by clicking on Questionnaire subform) and at this time it checks for the Security Filter - otherwise the control is done as soon as the user assign a “No.” to the contact, either manually or automatically

sorry, I’m not able to explain better than this … unless you understand Italian [:)]

Hi Patty, unfortunatley I dont speak Italian other than to say thank you (but cant spell it in Italian). I have tried the things you suggested and it has solved 95% of my problems. One problem is no longer valid as the Admin dept do not want sales reps to convert Contact to Customers so that solves a bit problem and your suggestion of using the DelayInsert has resolved the Contact creation except if they go back and try and change a Contact it wont let them (any suggestions there???). [:D]

Finally, removing the Contact from the Sales Order Form solved my other problem.

I cant thank you enough, many many thanks…Paul [:)]

did you give Modify permission to user?

what’s the error message?

A solution you could use would be to use resposibility centers instead of security roles, with responsibility centers, you can assign the user to a center and the customer and contact also, this way they only see there customers and contract.

The responsibility center also filters the lookup list, so when they press the sales button to look at existing orders they see only there orders.

This should be exactly what you want.

Hi David and Patty, thank you both for your help on this one. I have now resolved it by NOT using Security Filters as they proved to be a pain in the rear. In the end I set a filter on the OnOpenForm for both the Customer Card and Contact Card. This then allowed me to do all the functionality that was required for the Sales Reps.

David, I will look at Responsibility Centres in a moment and see if we cant use this in future as it might well have saved be a few hours of pully my hair out.

Many thanks to you both and have a good one…Paul [:D]

with responsability center you can filter order not customer nor contact.

That’s right, but its still easier to extend the responsibility centre functionality than to start something new.