User Rights/Permission

amol_salvi · April 27, 2009, 10:38am

Dear All,

I need to grant access to end users in Navision 4.0.

Can we capture each and every users works by accessing the code coverage using single machine (i.e Server).So on that basis I can provide access

Is it possible???

Regards

Amol

David_Singleton · April 27, 2009, 11:29am

That’s a bit of a loaded question.

Technically YES you can do this, and there is a tool that will capture the required objects and generate the permissions. BUT…

In the real world, you must think of this just as a starting point. The key issue is that say for example you post and Invoice. There are so many differnt options in posting, that it is extremely unlikely that you will cover them all, so soem objects will be missed. Of course its a great start, but don’t trust this to be the final version, you will still need to do some manual tuning to make it work how you need it to.

Oh anothe issue, is that sometimes the opposite can happen, where during the code coverage you accidently run somethign you didn’t mean to, and suddenly you find a whole bunch of users with permissions you never meant them to have.

amol_salvi · April 27, 2009, 12:20pm

Hi David,

Thanks for the reply.

Can you just suggest the tool that will capture the required objects and generate permission.and of course it reuired some manual fine tuning.

Please provide the tool name

Regards

Amol

stryk · April 27, 2009, 12:47pm

I guess David is referring to this one: http://www.mibuso.com/dlinfo.asp?FileID=277

Once I worked for a company which was using this to setup the user rights; that’s how they proceeded (briefly):

The IT Admins picked out some key users from every department working with NAV (usually the department managers) and trained them intensively how to use this tool
Then each key user was responsible to create the appropriate user-roles for his/herdepartment: they configered various roles for certain purposes; here recoding the business of certain users (logged on as SUPER user) until all processes where recorded. While recording, the keyuser was sitting next to the “processing” user, supervising and monitoring the recordings (avoiding anything unwanted is processed).
Once all processes - for a specific department - have been recorded, the roles where assigned to the relevant users, The keyusers got all the roles of their department

Technically, this was not that difficult, but most of the effort was spent on planning on what to record and how to structure all the rights & roles. And as David mentioned, here also a lot of “fine tuning” was necessary afterwards. So in total it took several weeks to setup all the roles.

The smart thing here - IMHO - was, that the IT guys delegated the responsibility for hardening to the department managers who are actually in charge …

Kind regards,

Jörg

David_Singleton · April 27, 2009, 1:00pm

Now that I like, very neat way to get them to take responsibility.

lholden · March 16, 2010, 3:18pm

How do you report on this…does the tool have a report?