Windows or NAV Authentication

Today many Dynamics NAV 2013 installations use Windows Authentication. Is there any problem using the NAV Authentication to avoid that every user on shared computers can access NAV. (Changing Windows account all the time is not possible).

Can there be both Windows and NAV Authentication in the same installation/database. (NAV 2013)

Thanks for your help!

Why? Switch user takes seconds…

Besides, it’s a potential security breach, if those different users have different access rights (Roles) in NAV. When you start NAV, currently logged in Win user will be authorized in NAV automatically (if he HAS NAV Win login, of course) bypassing the NAV logon dialog.

Theoretically YES, but then both for MSSQL server itself and NAV. It’ll be a complicated task to administer these users, but it can be done.

Thanks for your reply, we are aware of the potential risc.

The installation is now with Windows Authencation. Changing to only NAV Authencation for all users could also be a solution. This would make it easier, right?

Any NOT good thing about using NAV Authencation?

of course eliminates the problem with autologon I mentioned. The only issue could be that NAV authentication is more complicated to administer & manage.

Additionally, Win security works when NAV DB is accessed by OTHER means, not thru NAV client, say, some third party reporting tools, including but not limited to SSRS, OLAP. and MS Excel PowerPivot. However, this might not be an issue, as usually those users who perform such tasks have much higher level of data access rights per se than ,say, warehouse workers or data entry operators.

Problem is, that NAV DB logins are in fact a relict, a heritage of NAV Natvie DB, and majority if installations use Win integrated security for years already - practically a mass move to Win logons started many years ago as soon as MSSQL was added as an option.

MS discontinued NAV Native DB several versions ago, only option now is MSSQL DB. Who knows how long will SQL support dual authorisation - already now it’s disabled by default. I guess that built-in sa account will remain as backdoor forever, but what will happen to others…

The dual authentication of Microsoft SQL Server was originally added to allow SQL Server to be sold into companies that did not use Microsoft Windows networks. As long as other network options are in the market, I would expect that Microsoft will retain this feature. Of course this is all speculation on my part, but I would argue that it is fair speculation.