Nav 5.0 permission error (VSIFT) after technical upgrade

a9ta

BACKGROUND: I have done a technical (client update) from 4.0 SP3 to 5.0 SP1 on the SQL version of Navision. All the users in the database have roles set up.
They use enhanced security model, and all users were syncronised after the upgrade.

PROBLEM: After the upgrade the users trying to register sales orders get the error message:
The SELECT permission was denied on the object 'CompanyName$SalesLine$VSIFT$1, database ' Databasename', schema 'dbo'

WORKAROUND: I had to set the users to role SUPER for them to be able to register orders.

QUESTION: How do I fix this? I have never seen errors including the VSIFT, and in Navision I can only set up the sales line, and that table is already set up.
I have heard that chanching the security model can take up to 3 days, so that is really not an option.

kriki

Changing the security model can take some time, but not 3 days. It can take 3 hours (and that is long!).
The best is to change the security model to fix the problem.
Otherwise you need to synchronize and THAT can take up to 3 days (depends on how many users you have and how many companies).

a9ta

Hi! Found a solution myself. I created a new role ALL2 and copied the permissions from the ALL role in 5.0 SP1. There are some new systemtables in 5.0, that all user should have permission to.

ma

Have to raise this issue again as we have similar problem (5.01 R2 client). After migration to SQL, every time we activate SIFT index users start getting "denied select permission to VSIFT" error. To fix it quickly I had to add select permission on VSIFT to [public] role. This fixed it till the moment the object gets updated and then (because permission was assigned not to application role, but to database role) you need to update permissions again. With 9 companies in database it is real time waster.

What kind of permission (which system table?) has to be added to all users permissions list to get permission to new VSIFT assigned automatically on application level when this VSIFT is activated?

gerrykistler

I am not sure but here are the Table Data permissions from the ALL group in 2009 in the attached for the system tables.

ma

Thanks. From this list (apart from those 2009 version specific tables) we do not have only 2000000061 "User Menu Level" assigned. I am not sure adding this table will help, but I will give it a test.

[Update] Adding permission to this table did not help.

[Update2] Checked another database with Standard security model (the one we are having problem with is on Enhanced security model), application role $ndo$shadow is responsible for giving access to VSIFT.
But there is no $ndo$shadow in Enhanced model and all those (well, basically those which have access to the table where we activate VSIFT) $ndo$ar$... roles should now be added to VSIFT permissions list. But it is not happening. What can be a reason?

[Update3] User $ndo$ar$... role appeared in VSIFT permissions list only after I synchronized user. Does this :shock: mean that we have to synchronize all users each time we update table with activated VSIFT??

kriki

[Update3] User $ndo$ar$... role appeared in VSIFT permissions list only after I synchronized user. Does this :shock: mean that we have to synchronize all users each time we update table with activated VSIFT??[/quote]
Yes. Each time 'anything' changes on a table, a synchronize is necessary.
That is the reason everyone advices to use standard security model.