User Roles - Quotes vs. Orders

Martin_Davis

Hi all,

I am trying to configure a user (a sales agent in this case) in NAV 5 SP3 but I have run into a problem. My aim is to allow the user to have full control of Quotes (Form 41 etc.) but to have limited Read-Only access to orders (Form 42 etc.). As the table is the same for both objects I tried changing the permissions of the quote form to Read only but nothing changed - I am still able to insert/Modify/Delete/...

Can anyone help me out?

Thanks in advance....

Tomas

Martin Davis wrote:

Hi all,

I am trying to configure a user (a sales agent in this case) in NAV 5 SP3 but I have run into a problem. My aim is to allow the user to have full control of Quotes (Form 41 etc.) but to have limited Read-Only access to orders (Form 42 etc.). As the table is the same for both objects I tried changing the permissions of the quote form to Read only but nothing changed - I am still able to insert/Modify/Delete/...

Can anyone help me out?

Thanks in advance....

As these both quotes and orders are saved in the same table, I doubt you will manage to set "correct" permissions without any specific customizations.

matttrax

You can look into security filters if you are on SQL, but these have some draw backs. Unless it is a hard split between people who can see quotes and people who can see orders it can cause problems.

A basic modification to the forms is probably easiest.

kapil4dynamics

Easiest way would be to copy this form in 50k series and make that form editable and give access to this form to the specified users. I find it easy to manage, though bad thing is unnecessary eating the objects.

David_Singleton

Martin Davis wrote:

Hi all,

I am trying to configure a user (a sales agent in this case) in NAV 5 SP3 but I have run into a problem. My aim is to allow the user to have full control of Quotes (Form 41 etc.) but to have limited Read-Only access to orders (Form 42 etc.). As the table is the same for both objects I tried changing the permissions of the quote form to Read only but nothing changed - I am still able to insert/Modify/Delete/...

Can anyone help me out?

Thanks in advance....

This is a simple requirement needing no new objects and no code.

What you are doign is correct. But, my guess is that if you go to roles and look at ALL you will see that by default Navision gives the ALL group access to FORM 0 this gives full permission to all users to all forms. You will need to remove this from the ALL role, and rework the logic.

Unfortunately it means a lot of work to set up the users that need restricted permissions. remember that in Navision you can add permissions, but you can't remove them.

If its only one or two users that need this, then I would make up a new Role ALLNOFORM, copy the existing ALL permissions to this, but remove the permission to FORM 0. Then create a new role QUOTES and add to that all the form permissions needed by the user that will work only with quotes. Then assign ALLNOFORM and QUOTES to the user of course remove ALL.

ayhan06

Martin Davis wrote:

Hi all,

I am trying to configure a user (a sales agent in this case) in NAV 5 SP3 but I have run into a problem. My aim is to allow the user to have full control of Quotes (Form 41 etc.) but to have limited Read-Only access to orders (Form 42 etc.). As the table is the same for both objects I tried changing the permissions of the quote form to Read only but nothing changed - I am still able to insert/Modify/Delete/...

Can anyone help me out?

Thanks in advance....

you can't do this with security filters because you can not define different permission for a specific table based on security filters.

creating custom forms in 50K range is not solution because user can reach original order and quote forms from several forms like customer card.

David Singleton wrote:

Martin Davis wrote:

Hi all,

I am trying to configure a user (a sales agent in this case) in NAV 5 SP3 but I have run into a problem. My aim is to allow the user to have full control of Quotes (Form 41 etc.) but to have limited Read-Only access to orders (Form 42 etc.). As the table is the same for both objects I tried changing the permissions of the quote form to Read only but nothing changed - I am still able to insert/Modify/Delete/...

Can anyone help me out?

Thanks in advance....

This is a simple requirement needing no new objects and no code.

What you are doign is correct. But, my guess is that if you go to roles and look at ALL you will see that by default Navision gives the ALL group access to FORM 0 this gives full permission to all users to all forms. You will need to remove this from the ALL role, and rework the logic.

Unfortunately it means a lot of work to set up the users that need restricted permissions. remember that in Navision you can add permissions, but you can't remove them.

If its only one or two users that need this, then I would make up a new Role ALLNOFORM, copy the existing ALL permissions to this, but remove the permission to FORM 0. Then create a new role QUOTES and add to that all the form permissions needed by the user that will work only with quotes. Then assign ALLNOFORM and QUOTES to the user of course remove ALL.

your requirement is not related to form permissions. in your situation, user should read quote and order form.

If you want user to be able to modify quotes and only read orders, you should make custumization..

David_Singleton

I give up!

Go ahead and pay your partner to write lots of code that you will then have to pay to maintain later.

](*,) ](*,) ](*,) ](*,) ](*,) ](*,)

matttrax

David is correct, it can be done completely through roles and permissions.

There is no need for any modification. Setting up security takes time, but once it's working...it works. No need to maintain custom objects later on.

hawkeye

Maybe far out, but if you make a boolean on the usersetup to tell you if the user is allowed to modify/insert/delete in the record you could make the following code on OnInsert, OnModify and AnDelete


If SalesHeader."Document Type" <> "Document type"::Quote then begin
UserSetup.get(USERID);
If Not UserSetup."Allow To See Other Than Quotes Boolean" then
Error('I´m sorry kid - you are not allowed ;o)');
End;


Or sometihing like that

edit: you would need to do something like that on the salesline too. Maybe build a function instead, so you don´t have to write the same code 6 times. What if you want to make changes ;o)

David_Singleton

hawkeye wrote:

Maybe far out, but if you make a boolean on the usersetup to tell you if the user is allowed to modify/insert/delete in the record you could make the following code on OnInsert, OnModify and AnDelete


If SalesHeader."Document Type" <> "Document type"::Quote then begin
UserSetup.get(USERID);
If Not UserSetup."Allow To See Other Than Quotes Boolean" then
Error('I´m sorry kid - you are not allowed ;o)');
End;


Or sometihing like that

edit: you would need to do something like that on the salesline too. Maybe build a function instead, so you don´t have to write the same code 6 times. What if you want to make changes ;o)

WHY? :x [-X ](*,)

hawkeye

David Singleton wrote:

WHY? :x [-X ](*,)

Living on the edge \:D/

matttrax

David Singleton wrote:

WHY? :x [-X ](*,)

You know why User setup field + OnOpenForm code = 5 minutes. Actual working security in NAV = not 5 minutes (although granted for one form it's pretty quick).