Updating Tables via Enterprise Manager
eparty
Member Posts: 24
Hello everyone,
I was reading the official Information & Systems Management / Navision SQL server option manual and saw the following paragraph:
Direct Access to Navision Tables on SQL Server
Because of the security risk involved in using an open database such as SQL Server, all permissions to access Navision tables in SQL Server directly, using various SQL Server tools, must be granted permissions by a SQL Server administrator from outside Navision. A login created in Navision will have a corresponding login and database user account
in SQL Server. This database user account does not grant the user any permissions on any SQL Server object stored in the database, regardless of whether the user has been granted permissions in Navision or not. Therefore, if the user logs on to the server from outside Navision, with a tool such as Microsoft Enterprise Manager, they will not be granted access to any SQL Server object stored in the Navision part of the database.
The reason I was looking into this is because the ALL Navision role contains a modify permission permission to the Change_Log_Entry table. Thus, I am thinking that a user will be able to modify the table when connected directly to the database. I personally do not think that the above paragraph is true. Afterall, I did connect to the Navision database via Enterpise Manager and was able to run SELECT statements on any table I wanted (and I did not have superuser access). If the above "official" statement held true, then I should not be even able to run SELECT statements.
Is my assumption correct or is there something that I misunderstood?
Many thanks in advance for your input!
I was reading the official Information & Systems Management / Navision SQL server option manual and saw the following paragraph:
Direct Access to Navision Tables on SQL Server
Because of the security risk involved in using an open database such as SQL Server, all permissions to access Navision tables in SQL Server directly, using various SQL Server tools, must be granted permissions by a SQL Server administrator from outside Navision. A login created in Navision will have a corresponding login and database user account
in SQL Server. This database user account does not grant the user any permissions on any SQL Server object stored in the database, regardless of whether the user has been granted permissions in Navision or not. Therefore, if the user logs on to the server from outside Navision, with a tool such as Microsoft Enterprise Manager, they will not be granted access to any SQL Server object stored in the Navision part of the database.
The reason I was looking into this is because the ALL Navision role contains a modify permission permission to the Change_Log_Entry table. Thus, I am thinking that a user will be able to modify the table when connected directly to the database. I personally do not think that the above paragraph is true. Afterall, I did connect to the Navision database via Enterpise Manager and was able to run SELECT statements on any table I wanted (and I did not have superuser access). If the above "official" statement held true, then I should not be even able to run SELECT statements.
Is my assumption correct or is there something that I misunderstood?
Many thanks in advance for your input!
0
Comments
-
Until 3.70 (and also from 4.00SP3 with standard security model), Navision goes through a stored procedure to access the DB, so the users need only public access to the DB. Of course, if you give more permissions (like dbowner)....
In 4.XX and 5.00 with enhanced security model, it is possible to use the security directly on the tables. This means that it is possible to read the tables with an external tool (=not the Navision-client).Regards,Alain Krikilion
No PM,please use the forum. || May the <SOLVED>-attribute be in your title!0 -
kriki wrote:In 4.XX and 5.00 with enhanced security model, it is possible to use the security directly on the tables. This means that it is possible to read the tables with an external tool (=not the Navision-client).
I must disagree. The permissions are still granted just for the application role for the user and not directly to the user. It means, user cannot access the tables directly through external tools.
For eparty:
You do not be afraid of this. If you do not set the permissions to the user in MS SQL Server tools, they will be not able to do anything directly in the DB. NAV is setting the permission just to the application role which is used just by NAV client and cannot be used in another way (just NAV client knows the password for this application role).0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions