RTC Security Question

johnh3johnh3 Member Posts: 3
edited 2010-01-27 in NAV Three Tier
Is there a way of setting up security using Role Tailored Client in such a way that a person who has the ability to post Purchase or Sales Orders (Receipts/Shipments) does not also have the ability to see GL account balances? In classic client I would have just removed the ability of a user to update their navigation. My problem in RTC is that they can always seem to access the ability to update their Navigation Pane which allows them to add back the Finance navigations. Does anyone have a good solution for this in RTC?

Thanks in advance,

John

Comments

  • alexpeckalexpeck Member, Microsoft Employee Posts: 37
    It sounds like you should be using the security system to enforce this. Can you create a permission role where the user is denied create/read/update/delete/exec on the source tables and denied execute on the pages?

    This is more secure than hiding the navigation controls, and would also stop a user from, say, opening the client from the command line on a specific page.

    Alex
  • johnh3johnh3 Member Posts: 3
    So far I have not been successfull creating a role that can indirectly post to a GL via a Sales Order or Purchase Order but cannot view the GL if they have access via Navigation. The fundamental issue is that a person who works in Shipping or Receiving should not be able to view GL balances. I have not been able to solve this with roles and permissions. If anyone has figured out a way to do this, please let me know.
  • alexpeckalexpeck Member, Microsoft Employee Posts: 37
    What happens if you assign the 'Shipping and receiving' role indirect insert/modify permission to GL Balances, and the give the page/form they use to access it permission to GL Balances? This way the page has the table permission, and the user has indirect table permission.

    For this to work, the page/form where the user shouldn't see the table data must not have the table permission. Furthermore, the user must not be assigned another role which grants them permission. This could happen, for example, if you assigned them the SUPER role in addition to your 'Shipping and receiving' role. This is because NAV gives the user the union of the permissions granted by all their assigned roles.

    Alex
Sign In or Register to comment.