Restrict user from seeing the session table

aliennav

Hi
I want to provide a user the rights of SUPER, but not the session table.
How is it possible??

JedrzejT

Hi
just create role with all permission without the session table.

matttrax

I think you can create a role called NOSESSION that denies access to the Session table. The deny should override any roles that give access to the table.

If not you'll have to add all tables (instead of Table 0) and remove the session table from that role.

gerdhuebner

aliennav wrote:

Hi
I want to provide a user the rights of SUPER, but not the session table.
How is it possible??

There is another problem: Suppose you have succeeded with the corresponding setup of permissions. How can you avoid that this "SUPER"-User will not grant the missing right to himself again? - Obviously he should not have any write permissions to tables like "User Role", Permission, etc., too.

matttrax

gerdhuebner wrote:

Obviously he should not have any write permissions to tables like "User Role", Permission, etc., too.

Excellent point. You'll want to take away all permissions for insert / modify / delete on these role and permission tables.

aliennav

Than for your inputs guys!!

infonote

Programmatically you can use USERID to only allow one particular used to modify data in the session table.
This will work if you use NAV SQL not NAV Native.

matttrax wrote:

gerdhuebner wrote:

Obviously he should not have any write permissions to tables like "User Role", Permission, etc., too.

Excellent point. You'll want to take away all permissions for insert / modify / delete on these role and permission tables.