User Rights

wolftech

Hi Experts,

I am creating new rights for the user, I want the user to View Customer Master alone. In the roles I have created a new role and in Permission I have given

Table- Customer read
Table -User Setup Read
Table- General Ledger Setup Read
Form -Customer Card Read
Form -General Ledger Setup Read


But when I open the user I get following errors

a) you dont have permission to read the user setup tables
b) you dont have permission to read the General Ledger setup table
c) You dont have permission to run the MBS Menu suite.

Bit confused, What am I supposed to do.

arcull

Hi, I'm not 100% sure on this one, but I think you have to add permissions to Tabledata besides tables and forms.

kriki

-TableData: you need to give the Read-permission to READ THE DATA. Execute-permission has no sense here.
-Table,form,report,dataport,codeunit,Menusuite: Here normal users don't need read-permission. This would mean they have permission to SEE THE CODE in the object. Here you need to give execute-permission to be able to run the object.

wolftech

What is the difference between table and table data, Why am I supposed to give permission for table data also ( as mention when I give Table data it works).

What is the use of Execute field, its always non editable.

arcull

What is the difference between table and table data, Why am I supposed to give permission for table data also

TableData are the actual records (rows) in the table, while Table is the structure holding them. If you want the user to be able to see the records then you need to assign the permission for TableData, but you need permision for Table as well since records reside inside table structure. The possible case in which you would assign only Table permission might be, when you don't want the user to see the data in a certain table, but you want to allow him to execute the functions that reside inside the table structure, however such cases are rare. From my experiences I can tell you to assign permission to Table without selecting any number, this way all users will have the necessary access to all table structures and their public methods. Usually you have the case when you don't want the user to see or work on certain data, therefore the most suitable way is to properly assign TableData permission while leaving Table permission to all tables.

wolftech

What is the exact usage of selecting Indirect in the list. Can somone give some example, I read help but it didnt help me much

David_Singleton

wolftech wrote:

What is the exact usage of selecting Indirect in the list. Can somone give some example, I read help but it didnt help me much

Indirect is where you want to give a user access to a table only if they access it though some way that you control. This means that you are giving Half of the permission in one place, and the other half somewhere else.

The most common is in the posting routines. Say you want the user to be able to post an item journal, but that user is not allowed to view the item data. If you gave them rights to read the item table, then they could see the data. If you don't give them permission then they can't post, because posting the journal required reading the item data.

So what you do is in the code unit you give the codeunit HALF of the permission by having access to the Item table, and the other HALF by giving the user indirect access to the table.

if you think of it as splitting the permission in half then its much easier to understand.