Security in multicompany environment

Denis_Petrov

A bit advanced question on the database security:

How to easily set up an access for a person to process let's say payroll in (only) certain companies? The issue of using field Company with proper value is understood, the problem is that we have over 170 companies and need to limit 1. So, if there are 30 roles an average user has (with ALL being first one) does it mean that each user must be set up 30*170=5100 entries? We do have few dozens users by the way.

I have been using ALL with appropriate companies setup only (other roles did not have any Company values/restrictions ), it was working fine in 3.01 native Navision. Now in 4.01 it seems to be a security breach since users without ALL CompanyX role still are able to access and view certain records in CompanyX.

All other roles do not have any forms in them, only tables. The ideal solution seems not to have CompanyX appear in the list companies...
Any ideas?

Thanks to all![/b]

jannestig

high Dennies have you read the security hardening guide which comes into effect from 4.01 onwards.

Depending upon how you have your company setup you can now use the navigation Pane as part of your security access.
This essentially assigns users to be able to acces or deny access to certain modules or forms within a company based on either a user group or individual login.

If you wish to deny access to a company completely i would use the company field, if you want to stop them having access to certain part of the company (assuming they are not super users) then restrict them via the navagation panel.

if they still have access despite the removal of all is it possible you are using windows secuirty and they are inheriting rights from another group the user belongs to ?