DB Login to Win Login

seckpin

Our company has been using database login and is considering moving to Windows login (due to lack of password policy in NAV and it is required by Internal Audit).

The estimation for this change is > 40 man days for 10 countries. We thought it is a bit too much.

Is this reasonable?

idiot

More details are needed...
1. how many users?
2. how many databases
3. how many companies in each database
4. how many roles?
5...
6...

David_Singleton

seckpin wrote:

Our company has been using database login and is considering moving to Windows login (due to lack of password policy in NAV and it is required by Internal Audit).

The estimation for this change is > 40 man days for 10 countries. We thought it is a bit too much.

Is this reasonable?

As idiot says, you need to provide more information, but assuming that one country = one database, and 4 days per database, that sounds excessive. Though that does depend how much travel time is involved for the 10 countries, I would assume that the largest part of the project will be traveling to each country.

Do you have remote access so that this can be done from one location.

seckpin

Yes, we do have remote access for all countries, so the consultants actually need not be there physically.

The additional details:
- 1 databse each county, so 10 databases in total
- the number of users are different for each country. The one with the most users are about 165, while the least is only 3 users. In total, there are about 330 users.
- each database have about 2 companies on average

So, isn't the estimate of > 40 days a bit excessive?

pri_1_ranjan

Has Roles and responsibilty has already been defined at the Navision Level? If yes, then it can be used when you are using Windows login mode and time line are a bit at higher end. If no, then the time lines is more or less ok. I would recommend more

If you are using SQL then yes, an additional configuration will be required at SQL, in case if that is your requirement.

DenSter

So if I understand correctly, you already have all users set up with database logins, and all you want to do is move them to windows logins. Presumably those Windows users have already been created, so basically all this is is get a list of database logins, map them to Windows logins and making that change in NAV?

Even if you would manually type this in, 40 days is outrageous. Do they have a team of 6 people on this or something?

David_Singleton

seckpin wrote:

Yes, we do have remote access for all countries, so the consultants actually need not be there physically.

The additional details:
- 1 databse each county, so 10 databases in total
- the number of users are different for each country. The one with the most users are about 165, while the least is only 3 users. In total, there are about 330 users.
- each database have about 2 companies on average

So, isn't the estimate of > 40 days a bit excessive?

It sounds very excesive, but then maybe it depends on the hourly rate. Remember that in the end what matters is the job cost, and some people use the formula

"Job Cost" := "Hourly Rate" * "No Of hours";

where others work on the formula

"No Of Hours" := "Job Cost" / "Hourly rate";

Assuming everything you said is correct, i.e. that the Roles and users are already created and tested in DB logins, and you just want to change to Windows logins, then yes this is ridiculous, but we can only say that because we don't know all the facts. Maybe your partner knows something that we don't.

ara3n

my guess would be that they are renaming the db users to windows users so that history stays the same?

kine

Still, do not forget needs of change in code to cover the difference like Full user name, member of etc. which must be implemented differently when using windows user (must be covered in some universal functionality, but this is not so hard to create, hard can be to use it where needed...).

seckpin

Yes, we are using SQL db and all the roles were already set up in NAV. We have been using db logins all the while, and in the recent internal audit exercise, the lack of password policy is one of the issues raised.

So the consultants said that the only way to have password policy in NAV is to change our login method to Windows login. We asked for the estimation of effort for this change, and they quoted us > 40 days.

I doubt our management will go ahead with this change since it is going to be so expensive (they said "> 40 man days", which means that it may be more). But then, it is an audit issue that we have to address. I'm thinking of another alternative, i.e. customizing password policy function in NAV for db login rather than moving everyone to Windows.

Anyone sees any possible problem with such approach?

David_Singleton

seckpin wrote:

...
I'm thinking of another alternative, i.e. customizing password policy function in NAV for db login rather than moving everyone to Windows.

Anyone sees any possible problem with such approach?

I would not recommend changing native password functinality, that for sure is the wrong thing to do. I think the alternative is to get a second quote from another company.

There is nothing stopping you from shopping around, you can buy services where ever you want.

DenSter

If it were me in your shoes, I would do a few myself, just to get an idea of what kind of work is involved, and tackle it one department at a time. I'm pretty sure you could do something quick with a dataport. I'd probably think about creating the users (they are already there anyway, you can simply add them throug Tools, Security, Windows Logins, and adding them in NAV will also add the user to SQL Server), and then importing role assignment with the dataport, or even assigning the roles manually. If you are not comfortable creating a dataport (but you said you used to work for a NAV partner, so that should not be a problem), you could run a little report off of the roles table, map the users to windows logins, hire a temp and have them key in the role assignment. I bet you'll be done in just a few days.

kine

Still, may be good way is to ask your partner what is included in this calculated time... and you can offer that something from that you can do yourself if it is possible....

seckpin

I do not think we can appraoch another solution center, as it is a bit sensitive when it comes to vendor management side. So i'll see if i can play with it a bit to understand what's invovled, and also ask the consultants to provide more details on how the estimate was derived.

Thanks all NAV gurus here who took the time to enlighten me on this.

DenSter

I just can't get over this one... There has to be more to it than just moving users. 330 users in total, 40 days, that is an average of 8.25 users per day, that's almost an hour per user, that can't be right, there has to be more.

kine

10 minutes per report which use Full user name, 10 minutes per codeunit/other object using Member of... * number of objects... 8) + time for testing all these changes...

seckpin

kine wrote:

10 minutes per report which use Full user name, 10 minutes per codeunit/other object using Member of... * number of objects... 8) + time for testing all these changes...

Hmm, now i do recall there seems to be a mention of something about coding. Probably that's why -- there are quite a number of re-coding to do for this change.

Now the estimation seems more reasonable... i'll find out more from the consultants.

Thanks, guys.

DenSter

Yes an itemized estimate of all the tasks would be very helpful.