Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.6K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 283 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
Automatic sync with Enhanced Security
afarr
Member Posts: 287
We have a Nav 5.01 SQL database, with Enhanced security.
We understand that users are not suppposed to be synchronised automatically in the Enhanced model.
However, users *are* getting synced automatically:
1. If a Windows login is added in Nav, it is automatically added in SQL Server.
2. Suppose user1 exists in Nav, but it has been removed from SQL Manager (so user1 cannot access the database); while user2 never existed in Nav or in SQL. If we now add user2 in Nav, then in SQL Server, both user1 and user2 have access to the database.
Do you know how to stop this automatic synchronisation?
Thanks,
Alastair
We understand that users are not suppposed to be synchronised automatically in the Enhanced model.
However, users *are* getting synced automatically:
1. If a Windows login is added in Nav, it is automatically added in SQL Server.
2. Suppose user1 exists in Nav, but it has been removed from SQL Manager (so user1 cannot access the database); while user2 never existed in Nav or in SQL. If we now add user2 in Nav, then in SQL Server, both user1 and user2 have access to the database.
Do you know how to stop this automatic synchronisation?
Thanks,
Alastair
Alastair Farrugia
0
Answers
What would prevent it from happening is setting your security model to Standard.
RIS Plus, LLC
MVP - Business Apps
The Installation & System Management manual (w1w1isql.pdf) p. 121 says:
"With the Enhanced Security model, every time you create, modify or delete a Windows login or a database login, the security system is not automatically synchronized. You must remember to synchronize the security system yourself – no message is displayed!"
This automatic sync is a problem, since we would like to disable a user's access to a Navision database without removing them from Navision (so that we can then re-enable their access without having to enter all their roles again).
Thanks.
For user1 to access the database, s/he needs in SQL:
A. a User Mapping to the database
B. permissions on appropriate roles
The behavior I complained about is that the User Mapping for user1 gets created automatically.
However, user1 still can't login to the database in Navision, until they also have permissions on the roles; and those permissions are only (re)created when synchronising.
Synchronisation is the process of applying all the NAV role permissions to the relevant login/application role, and NOT just the creation of User Mappings.
P.S. If user1 is an Administrator on the server, then what I've said doesn't apply because s/he doesn't need any explicit User Mapping or permissions in SQL. If user1 is an Administrator, and exists as a Windows login in the Navision database, you can remove the User Mapping in SQL and user1 will still be able to login to the Nav database.