Hello,
After being investigating this problem, I cannot find a solution for myself.
When I try to use the new Send to Microsoft Office Word function in NAV 5.0, it goes OK if the user is dbowner, but if the user is public in SQL, I obtain a SELECT denied error for table 2000000067 "User Default Style Sheet". If I try to run this table from the object designer I get the same error.
User has SUPER role, and I have synchroniced permissions with SQL. I 've no problem to run other near tables (Style Sheet, Send-To Program). I don't understand what's happening ](*,)
Does anybody knows the solution??
Thank you,
Borja Grosso
Sevilla
0
Comments
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
I've checked it with my last partner license, upgraded to version 5.0, and have the problem.
It goes well with the same license if I use Propietary database, or SQL Server but the user is dbowner.
No PM,please use the forum. || May the <SOLVED>-attribute be in your title!
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
I also think it is a bug. I've just made the test with the CRONUS database and obtain the same error.
I think I use Extended Security Model, but not sure how to check this.
All my guesses are that NAV 5.0 with SQL Server 2000 permits simple and complex security model like in 4.0.
I created a Windows group for navision_users and added this group to SQL logins. I add to this group all the users in the Active Directory I want to have access to Navision.
Another thing I can tell you, altough I think it has no relation with the problem:
Before creating the SQL database from Navision I copied to the SQL BINN directory xp_ndo.dll. I don't know why, but I had to manually create extended procedure xp_ndo_enumusergroups pointing to xp_ndo.dll, and granted public execution permission. The extended procedure xp_ndo_usersids was created automatically.
2) Try to switch to simple security model (File - Database - Alter - last tab...)
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
Knowledge base article number 943858 . (Platform update rollup)
Don't know why they require you to open a support incidence to get de update, and they don't make it available for partners in the partnersource directly.
1. I was amased at how many new tables showed up as not having permissions, considering everyone has been working fine for 18 months before the change.
2. The non-super users are not able to Send To Excel (or MS Word), getting a Read Permission problem on Table 2000000067 "User Default Style Sheet". Adding this table to the ALL Role, and even synchronising All Users does not cure the problem. ](*,)
Is this a known problem in NAV 5 SP1, and how can I cure this problem?
PS: I have had other cases where I add a Table permission to ALL. and it did not do the trick. I had to Remove a lesser permission to the same table from another Role (used by the same user) to get it to work. I am starting to suspect that the SQL C/SIDE Client might not be using the greater of the permissions..
In most cases this could be fixed by assigning the required permissions directly in "SQL Server Management Studio"; for example: Instead of "ALL" you could also specify SELECT, UPDATE etc..
Does this help?
Regards,
Jörg
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool
Obviously this defeats the pupose of the NAV security amangement somewhat, but at least I know that there are some anomalies still in this side of Permissions in SQL, that will hopefully be resolved at some stage (soon?).
I have another Issue, this time to do with using (Domain) Security Groups in NAV. I found I could not use them at all (Tried on three different installations - they all do exactly the same, using both NAV V5 SP1 and NAV 2009).
If I add a NAV Windows Login, that is a Security Group, with some Role Assigned, I can no longer Synchronise the Permissions from NAV. I get the SQL Error ...Cannot find the user '$ndo$ar$<very_long_number>', because it does not exists, or you do not have permission. This happens on the T_SQL GRANT statement.
I am trying this as a user with sysadmin and am also the db_owner.
Much as I would prefer to use them, I have given up trying to user Groups for now, assigning Roles directly to the Windows Users.
Also a know issue, or am I consistently not uderstanding something here, do you think?
PS: What is the best channel to give this type of feedback, hopefully for the developers to try and resolve?
Kind regards,
Theo
I recommend to look into the NAV Security Models: obviously you are using "Enhanced" security, but I would prefer "Standard". Maybe changing the SM would also solve this error?
please look into the "Installation & System Management (SQL)" PDF to compare both SM.
Regards,
Jörg
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool
Has happened when setting up a test server with two different NAV databases taken from Live which have been configured by different MS partners and with very different pedigrees. Works OK if switched to Standard Security - unfortunately this is not an option for the moment.
Groups are Domain Local, members are in local domain, members are also added as windows logins in Navision and I'm doing all this as sysadmin on SQL server. Synchronise All fails and so does Synchronise Single Login for each user that is a member of a group with a role defined. The $ndo$ar$<very long number> not found message equates to the Application Role for that particular user (or first one enumerated if Sync ALL) with the long hex number equating to the user's SID. It can't find it because it gets removed at some point (can't remember if it this is when the group is added, role added to group or the first sync is attempted in this state).
Current version is NAV 2009 RTM with SQL 2005 SP3 so obvious question is whether this problem goes away with a SP1 or a further rollup?
Does anyone know?