Roles & permissions with SQL

jmacs

We just upgraded from the native db to SQL. Our navision reseller is completely useless. No consideration was given by the techs to Roles & permissions. Apparently SQL has different "required" tables than the native DB. Does anyone have a document that shows the standard "best practices" permissions for each Role? I asked our reseller for this, but they couldn't seem to find one.

Thanks in advance

kriki

I don't know if such a document exists, but a trick is to put on the codecoverage and run all the procedures for a certain role.
When you stop, you see to which objects it needs access.

kine

It is common problem, and I do not know about any document covering this. In my opinion there is no simple way how to precede this problem.

kine

BlackTiger wrote:

You don't need any "special permissions" for SQLNavision users. Just grant them "db_datareader" and "db_datawrites" permissions and run users synchronization procedure from Navision menu. Don't try tospecify "per table" permissions, Navision uses own security system and you can easily break it. For instance, user don't have permissions to write into some table, BUT codeunit which was executed by this user can. If you'll deny write access into this table for this user on SQLServer level you will cause a lot of funny stuff.

I think you are not understanding correctly (or it is me who do not understand correctly... ) the problem is, that if you have working permissions on Native DB and you transfer it on MS SQL, you can have problem with permissions for tables which never were used on the Native DB and you need to add new permissions into Navision. It is common for example when reading empty table. Native DB do not need permissions for this empty table, but SQL needs the permissions to be able to found that the table is empty... :-)

kine

But this is not good security practice.

giulio.cipo

Hi,

there is some documentation / tool that usually i use for permission:

user right setup (navision Tool CD) or you can find information in installation and configuration (was free few month ago in microsoft website).

you other docuemnt on the instalaltion CD.
these is all the docuementation that i have read and i think that could help you

AEklund

Remember, navision has application level security, it is a perfectly fine best practice to let it do what it was designed for. SQL level security clearance is only required if you expose the database, and if you do that address security for those areas exposed...

Waldo

FYI,
There are some tools in the download section of mibuso as well ... .

ashisha

Waldo wrote:

FYI,
There are some tools in the download section of mibuso as well ... .

i have up grad the navision 5.0 to sql server 2005.at this instant how i can set the security.
when i delete all data fron user and permission table then on navision with sql server option is working fine .but when i do not delete data from user and permission table then shows the message at time of opening database with sql server option please help me how i can set the same security as ncside client in navision with sql server option
please help me as soon as poosible.

ashisha

ashisha wrote:

Waldo wrote:

FYI,
There are some tools in the download section of mibuso as well ... .

i have up grad the navision 5.0 to sql server 2005.at this instant how i can set the security.
when i delete all data fron user and permission table then on navision with sql server option is working fine .but when i do not delete data from user and permission table then shows the message at time of opening database with sql server option please help me how i can set the same security as ncside client in navision with sql server option
please help me as soon as poosible.

Actually i want to say when i copy the data from user table on up gradation to sql server proces then i feced some problem opening the database please help me how i can solve this.