I’m trying to understand the user rights definition in Navision. I’ve read the French “Installation and Administration” manuel but I find the explanation short and everything but clear. Is there anyone who as a document on the user rights administration (either navision official manual, navision internal manual, or a self-made document) he could give me the reference of or a copy of? Thanks for your answers Jean-Christophe
I forgot to say… I’m especially interested in understanding how permissions work - what is exactly an ‘indirect permission’?? Any definition a little bit clearer than the one I found in my Navision Manual(‘a permission you have only if another permission is directly given to you’) will help. - what are the rules that apply when a user belong to different groups giving him different permissions on the same object. What is the permission hierarchy. Is it possible to forbid the access to an object to a user who belongs to a group that is granted this permissions (something similar to the ‘No access’ in NT)?? - etc.
Hi, Permissions are connected to Groups, and Users belong to at least one Group. For example: Group A has permission 1, 2 and 3 Group B has permission 4 and 5 Group C has permission 1 and 6 User X belong to Group A and therefore has perm. 1,2,3 User Y belong to Group B+C and therefore has perm. 1,4,5,6 User Z belong to Group C and therefore has perm. 1,6 Now, what are permissions then? There are 3 areas, Object Permissions, Data Permissions and System Object Permissions. Object Permissions gives a Group permission to Read, Insert, Modify, Delete og eXecute and object (RIMDX). That is, a Group og salespersons can hace RX om Form 42, which gives them permission to Read and eXecute (Run) the form (provided they have permission to actually read the Data in the form) Data Permissions are a bit more complicated, as you have both Full (RIMD) and “Half” permissions (rimd). No eXecute here. A Group can have Read, Insert, Modify and Delete (RIMD)rights on a table, which gives them right to directly manipulate the data in a table. The Group can also have (rimd) - “half” rights to a table. This means that ig a group, for example, has (Rimd) on the G/L Entry table, that they can directly read the data (the capital R) but they cannot directly insert, modify og delete (the small imd) the data. That must be done through an Object, which has the necessary other (imd) to the table - in this case probably Codeunit12. The idea here is that a user should not be able to directly modify (or insert og deltet) data, it must be done through some code, which (hopefully) is correct, and does not corrupt the data. The last permission is System Objects. For that, I suggest that you take a look at the actual system objects available in the permission setup for a group. I hope this is sufficient answer, otherwise please email me. /lstroem