User Permission and Role

-------------------------------------------------------------------------------- Hello First of all wishing all the Navision users and ppl associated with NAvision a Very HAppy New year. THis is pertaining to the qs asked by one of the users regarding assigning roles. After reading the suggestion on Navision and trying it out the following problems occur: 1. While posting a sales voucher, the posting does not get complete and a window appears that permission to read and access GL is not given. 2. Unless one’s given the role of ALL USER, one cannot open the main window. I’ll be glad if someone can expiate the reason for the same. Chitts[?]

Hi Chitts, Well here are the answers to your queries… 1. When you are posting a Sales Invoice, the system creates GL Entries and hence it modifies the GL Entry Table. The user has to be given the read and modify permissions for GL Entry table in order to post the invoice. 2. The role of All user is the basic role which is given to all the users irrespective of their role in the system. The permissions for all users contain common permissions used across the database like object id 0 (used for main menu), sorting permission, zooming permission etc. Cheers

“The user has to be given the read and modify permissions for GL Entry table in order to post the invoice.” I am under the impression that the posting codeunits have their own read-write permissions which temporarily override the use’s pemissions. Therefore, a user can post entries to ledgers which he or she is not allowed to read or write to. Of course, it is possible that I might be wrong. It is also possible that someone modified the posting routines and set the permissions incorrectly. (I have run into both possibilities in the past!)

I think you need to set the Role Permission to Indirect then set the permissions on the Posting codeunit to Insert. It won’t work if both parts are not done.

Horrigan… some of the codeunits have their own read-write permissions… some of them don’t. The way navision’s standard is setting the user’s permissions based on tables it’s really tedious… personally i prefer setting the permissions on form,report and system object (that gives most users the level of security they need) and letting all permissions on tables and codeunits, only setting up that permissions on customers that really have a good knowledge on what they’re doing… remember that whenever you’re adding objects you’ll have to add permissions on them… Regards,