User rights in Navision

jcl

I'm trying to understand the user rights definition in Navision. I've read the French "Installation and Administration" manuel but I find the explanation short and everything but clear.
Is there anyone who as a document on the user rights administration (either navision official manual, navision internal manual, or a self-made document) he could give me the reference of or a copy of?

I'm especially interested in understanding how permissions work
- what is exactly an 'indirect permission'?? Any definition a little bit clearer than the one I found in my Navision Manual('a permission you have only if nother permission is directly given to you') will help.
- what are the rules that apply when a user belong to different groups giving him different permissions on the same object. What is the permission hierarchy. Is it possible to forbid the access to an object to a user who belong to a group that has this permissions (something similar to the 'No access' in NT)??
- etc.

Thanks for your answers
Jean-Christophe

jp

Indirect permission means that the user cannot directly access the data, but they can use code to access the table.

The best example of this is the posting codeunits. A user is allowed to READ the data, but is given only indirect INSERT and MODIFY. The posting codeunit has permission properties that allow the INSERT and MODIFY.

Permissions are GRANT only. If any group grants WRITE, the user can write. There is no way to deny a particular access to the user with Navision permissions.

---

-jp

krishnad

The highest permission for an object that one has is the one that applies. If one has read permission for an object from one group and modify permission on another, the modify permission applies. There is no way to say deny a permission to anybody once it is given as in NT.

However, one can copy a group of permissions into a new one, take away a particular permission and assign it to the user in question.