We have a Nav 5.01 SQL database, with Enhanced security.
We understand that users are not suppposed to be synchronised automatically in the Enhanced model.
However, users *are* getting synced automatically:
1. If a Windows login is added in Nav, it is automatically added in SQL Server.
2. Suppose user1 exists in Nav, but it has been removed from SQL Manager (so user1 cannot access the database); while user2 never existed in Nav or in SQL. If we now add user2 in Nav, then in SQL Server, both user1 and user2 have access to the database.
Do you know how to stop this automatic synchronisation?
Thanks,
Alastair
Alastair Farrugia
0
Answers
What would prevent it from happening is setting your security model to Standard.
RIS Plus, LLC
MVP - Business Apps
The Installation & System Management manual (w1w1isql.pdf) p. 121 says:
"With the Enhanced Security model, every time you create, modify or delete a Windows login or a database login, the security system is not automatically synchronized. You must remember to synchronize the security system yourself – no message is displayed!"
This automatic sync is a problem, since we would like to disable a user's access to a Navision database without removing them from Navision (so that we can then re-enable their access without having to enter all their roles again).
Thanks.
For user1 to access the database, s/he needs in SQL:
A. a User Mapping to the database
B. permissions on appropriate roles
The behavior I complained about is that the User Mapping for user1 gets created automatically.
However, user1 still can't login to the database in Navision, until they also have permissions on the roles; and those permissions are only (re)created when synchronising.
Synchronisation is the process of applying all the NAV role permissions to the relevant login/application role, and NOT just the creation of User Mappings.
P.S. If user1 is an Administrator on the server, then what I've said doesn't apply because s/he doesn't need any explicit User Mapping or permissions in SQL. If user1 is an Administrator, and exists as a Windows login in the Navision database, you can remove the User Mapping in SQL and user1 will still be able to login to the Nav database.