Hello All,
For security reasons we need to make some strict policies for the Navision Users. I would like to know:
1. Is it possible to Rename or Remove SUPER role. When I tried renaming it didnt allow me telling that atleast one user should be there in 'SUPER'. So the name should be SUPER only and nothing else.
2. How do I create a user who has all the administrative privileges as SUPER but should not be able to perform any transactions. Usually the It team manages the application and require admin privileges like adding users, setting up roles, user setup, change log setup and privileges to configure other functionalities like Business Notifications, Employee Portal etc. But this user shoule not be able to do any posting or delelte any transactions from any of the tables.
3. Likewise we would also require to setup a 'Functional Super User' who will be like a business head but will not have any admin related privilege like adding users etc. But he should have privileges for User Setup to control the posting period, time register etc.
Please help me.
Regards
najja
0
Comments
If you need to have users able to setup the system but not posting, you need to give them permissions to insert/modify/delete the correct tables (roles, user, windows user etc.) but not give them permissions for the transactional tables (posted documents, ledger entries etc.). And vice versa for the functional admins...
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
For the SUPER role the work around we have thought is to create a a new AD Admin User, make him the SUPER in NAV and do not reveal that account to anyone including the admin (ofcourse the AD admin will know)
Is there any better way of doing this.
Najja
There is a practical difficulty which we are not able to crack. Suppose if I create a new role, which is a SUPER (minus) Transaction Table rights and name that role as 'NAV-ADMINS'. I am giving them exclusive permissions explicitly for the following tables:
Company
Database Key Groups
Member Of
Object
Object Translation
Permission
Printer Selection
Property Store
Record Link
Report List Translation
sysdiagrams
User
User Default Style Sheet
User Menu Level
User Role
Windows Access Control
Windows Login
The problem is the users with this role can later login and add the default 'SUPER' role to himself, or any other NAV users. Is there any way we cna restrict that.
Regards
Najjaf
Access the Member Of table in design mode now in the <on validate> of the ROLE IDA field add the following code
IF "Role ID"='SUPER' THEN
ERROR('Cannot Select This Role');
Hope this would solve your problem of selecting the default SUPER role by the users.
For any queries you can also visit my blog site: http://msnavarena.blogspot.com/
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.