Setting up user roles

abartonicek

I did read some documentation about setting user roles but I have some blanks.
If I have line like this:

Object Type  Object ID  Object Name  Read Permission  Insert Permission  Modify Permission  Delete Permission  Execute Permission  Security Filter
Form	         0                     Yes              Yes                Yes               Yes                 Yes

that means that user with that role has all permissions on all forms.
Same goes for Table Data, Table,....
I'm I wright?
What if I want to restrict some users (role) from opening some form?
What should I do?
If I add a line just for that form whit only read permission then it doesn't work.
Basically, what I now think is that I can't give all the permissions and then take it away for just one form (or any other object type).
For example, if I want to give all the permissions for all forms except for form 88 I should do what?

Marije_Brummel

No. this cannot be done.

You have to give permissions for each form in the database.

You can make some reversetool that does it for you, but that is customisation.

abartonicek

](*,)
This is very frustrating way to setup permissions.
I hoped I was wrong but...

Thanks for quick replay.

abartonicek

What about indirect permissions?
If I give all permissions to certain form that doesn't mean that user can change, add,... data in that form's source table?
Am I wright?
If I want to do it in that way I would have to add permissions for that tables to that form object (trough permission property)!
Am I wright?
Is there any better way?

kine

The Navision permission system is "optimistic" - there is just "Allow" permission. If some role allow to read the data or run the form, you do not have way how to say "Rejec" or "Deny". It means, if you want to allow user to run all forms except one, you need to add Yes permissions to all forms except the one. This can be done through the button "All objects" on the permission form. This button will open list of all objects with the permissions based on current permission in the selected role, you can change the permission on the objects - for example delete the Yes on the selected form, and click OK. After that, the system will fill the permission table with all needed lines to set the permission as you set in the form...

AAL

Kine is correct,

Using the permissions, you would need to explicitly define all forms that you want a user to have. by allowing Form 0, that will allow access to all forms.

A common developemnt that i have used was putting a boolean field in the User setup table, and then checking this field to see if a user can open this form in the On Open trigger of the Form.

Again this would require development.

Good Luck with this.

Alan