Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 262 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 992 SQL General
- 385 SQL Performance
- 33 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
Trying to establish permissions so a user can only give permissions that they have.
aseigle
Member Posts: 207
I have the requirement where I want to be able to establish permissions for a user, and that user can modify or delete permissions for other users, assuming they have permission to the object.
I've read in the following MSDN article that in 2009, it was possible with a role called SECURITY. https://msdn.microsoft.com/en-us/library/dd568744(v=nav.60).aspx Here is the exerpt:
Can access tables and functions that are related to security information, which include users and permissions. Users with this role can grant permissions to others but can only grant permissions that they have. Therefore, if you want to create an "area superuser," then you should give the person the SECURITY role and permissions for the areas, such as Purchases & Payables, for which they can grant and revoke permissions for other users.
The same MSDN article for 2016 changes the description slightly, and implies the same is not true. https://msdn.microsoft.com/en-us/library/dd568744(v=nav.90).aspx Where it says:
Can create new users and assign them the same permission sets. Must be able to access the User, User Property, Permission Set, and Access Control tables.
For example, you can create a SECURITY permission set that includes the four required tables and any additional permissions that you want to include. You can then assign this permission set to a user who is a department administrator. This user can then administer permissions for other users in their department.
Only a user who has the SUPER permission set can create and modify a SECURITY permission set. Users who have this permission set can assign the same permissions to other users, but they cannot assign themselves the SUPER permission set.
Does anybody have any experience with this, and have you achieved what I'm looking to do without modifications?
Thanks in advance.
Adam
I've read in the following MSDN article that in 2009, it was possible with a role called SECURITY. https://msdn.microsoft.com/en-us/library/dd568744(v=nav.60).aspx Here is the exerpt:
Can access tables and functions that are related to security information, which include users and permissions. Users with this role can grant permissions to others but can only grant permissions that they have. Therefore, if you want to create an "area superuser," then you should give the person the SECURITY role and permissions for the areas, such as Purchases & Payables, for which they can grant and revoke permissions for other users.
The same MSDN article for 2016 changes the description slightly, and implies the same is not true. https://msdn.microsoft.com/en-us/library/dd568744(v=nav.90).aspx Where it says:
Can create new users and assign them the same permission sets. Must be able to access the User, User Property, Permission Set, and Access Control tables.
For example, you can create a SECURITY permission set that includes the four required tables and any additional permissions that you want to include. You can then assign this permission set to a user who is a department administrator. This user can then administer permissions for other users in their department.
Only a user who has the SUPER permission set can create and modify a SECURITY permission set. Users who have this permission set can assign the same permissions to other users, but they cannot assign themselves the SUPER permission set.
Does anybody have any experience with this, and have you achieved what I'm looking to do without modifications?
Thanks in advance.
Adam
0