Problem with user security/access
Gumleguf
Member Posts: 38
Hi
On a DK 4.00 SP3 (runtime 5.0 SP1) database running on SQL2005, we have a very strange problem.
It seems that we are not able to control the behaviour of some users (how many is yet to be determined), meaning that even if we delete them as users in Navision (Windows-logon) they can still open the database and company.
According to the DBA, the users are not setup with super-super-admin-rights on SQL, nor are they members of AD groups with admin rights.
Have you heard of anything similar? Is there some tables somewhere in Navision I should take look at?
I forgot to mention that recently the Security model was changed from Enhanced to Standard.
/G
On a DK 4.00 SP3 (runtime 5.0 SP1) database running on SQL2005, we have a very strange problem.
It seems that we are not able to control the behaviour of some users (how many is yet to be determined), meaning that even if we delete them as users in Navision (Windows-logon) they can still open the database and company.
According to the DBA, the users are not setup with super-super-admin-rights on SQL, nor are they members of AD groups with admin rights.
Have you heard of anything similar? Is there some tables somewhere in Navision I should take look at?
I forgot to mention that recently the Security model was changed from Enhanced to Standard.
/G
0
Comments
-
1) Windows users or DB Users?
2) Have you run the Synchronize all after the sec. model change?
3) If windows users, have you some windows group defined as windows users in NAV?0 -
Hi kine,
1) Users are setup as Windows-login users in Navision. Even if we delete them from the Windows-login users list in Navision and synchronize, they can still log in with SUPER permissions! :shock:
2) Yes, we have synchronized numerous times.
3) No AD groups are defined under Windows-logins in Navision.
So, objectively seen everything should work and we should be able to control user access for all users, but apparantly some of the users are "out of reach". It's so strange...
/G0 -
There must be something overlooked.
1) Check the "member of" on user in AD
2) Check server permissions of all users and all groups they are members of on SQL
Of course, if there is o user in NAV, everybody could login. Check that there is at least one DB user or Win user with SUPER role.0 -
I agree to your observation. Unfortunately I do not have access to the SQL server or AD myself - this is done by a 3rd party DBA/sysadm.
1) I suggested this to the DBA/sysadm and am expecting a reply on that.
2) I also suggested that and am equally waiting for a reply.
3) There are users (many, in fact) in NAV. I can confirm that at least one Win user has SUPER role.
I have suggested two possible scenarios for the DBA. Either he investigates and compares a "faulty" user profile to a "working" user profile (would probably take him some time), or he can simply create an exact copy of a "faulty" user profile and if this also fails, we KNOW it's a problem with access rights. If the exact copy however works, then something has gone out of synch somewhere for the "faulty" profile, I guess...
/G0 -
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions