Switching from Enhanced to Standard Security

sil21

I would like to switch a databsae from Enhanced to Standard security in a NAV 2009 database. These are the steps I have:

1. make sure no one is in NAV
2. set db to single user
3. switch security model
4. unclick single user
5. sync security

Have I missed anything? Any othe gotchas I should be aware of?

DenSter

No need to synchronize after it's set to standard. Sometimes when you set the database to single user from the NAV client, the system hangs. I always use SSMS to set the database to single user.

Marije_Brummel

Make sure to switch of the nasses. And if you don't make sure you have the credentials for the nas users.

been-there-done-that-got-the-t-shirt...

kriki

DenSter wrote:

No need to synchronize after it's set to standard. Sometimes when you set the database to single user from the NAV client, the system hangs. I always use SSMS to set the database to single user.

I noticed that the system hangs because someone is still in the DB. There is never a lock-timeout in this case.

diptish.naskar

Why is it not necessary to synchronize the users when the db is set to standard mode?

kriki

NAV has its own security system (users+roles+permissions).
Also SQL has a security system that works independently from the NAV security system.
Meaning: if you are a sysadmin in SQL, you can delete the NAV DB and you can read from/write to it via SQL. But if you want to enter through the NAV client it is possible you can't if the admin has no rights in NAV (the sysadmin can easily hack this by inserting records in the NAV security tables).

To avoid there are to independent security systems, you can push the NAV security to the SQL server by using the enhanced security model and synchronizing.

If you use the standard model, it is NAV that decides if you can do something. And if you can, it sends it to SQL. In this case the NAV client has permissions in SQL to do anything in the tables. This way you don't need to synchronize anymore.