Setting up Security

I’ve read throught the posts here on setting up security but I’m still hitting a wall… here’s what I’ve got so far. - Use a ALL-WITHOUT FORMS role that allows access to all tables, codeunits, etc. - Configure each new role to allow access to the forms that they are to use. okay. I understand the logic. Giving all permisions to tables and then restricting access to those function through to the forms, BUT I enter Table 0 Yes Yes Yes Yes Yes, and I still get an error when I got to access the customer table. I assumed that Table 0 Yes Yes Yes Yes Yes, gives access to all the tables. What am I missing?

huh? Isn’t it supposed to be the other way around - giving complete access to the Forms and restricting through the Tables? Have you looked at the standard CRONUS security setup? PS: It is not Table that you need to give permission to. It is TableData.

From what I understand working this way is MUCH easier b/c of the number of tables in Navision vs. the number of forms.

Right, Nelson. and Sandy, you must assign the permissions to the tabledata! Table 0 yes… is necessary to read the table objects. In order to use the data in the tables the user must have the permission for tabledata.

By setting access to all objects except TableData you can control users to never run a report showing confidential data.

In the W1 release of MBS-Navision 3.70 there are 723 Tables and 1260 Forms. How is it possible that setting permissions on Forms is “MUCH easier” than setting them on the Table*(Data)*s??? Besides that doing it your way will absolutely NOT give you any security at all. As Arthur states, if your users can read data from a table, they can read it in Forms, Reports, Dataports… Or - if you forget to disallow this - they can just open Object Designer, run the table and laugh at security.

Using “Forms” security allows the administrator to block functions like statistics. Because the Statistics is a new form, but not a new table it allows this type of security. Example, you want a sales rep to beable to look-up and read customer information only, you can block items like the statistics that won’t give them any more information than they need to know. I can see both sides of coin…which is better?

I’m not saying you shouldn’t assign specific permissions to Forms. I’m saying you MUST assign permissions to the TableDatas. You can even consider all other security setups as “bonus” because TableDatas are the really important stuff.

And sorry if I sound too harsh but since you are setting up security, you are obviously interested in having control over the system and the users. No point in doing it if it won’t work properly, right? [;)] Take our word for it [:)]

For sure. There is no doubt that we need control over the system and users. This is what has prompted this little “heated” discussion. I’m quickly realizing the security in Navision is as flexible as the rest of the program. You can make it as easy or as complicated as you want. I just don’t want to spend all day setting up one users settings. I’m just the typical pain in the butt, I want to be able to control everything with minimul work. I think it comes down to having a combination of table data and forms security. It “doubles” the work to set up (not really), but offers the best security. Thanks for everyone’s input so far! (harsh or not :slight_smile: