Hi,
Currently a third party application connect to a MS Dyn NAV Web Service with a windowslogin which has the role SUPER. Know I try to specify more precise the permissions.
My example Web Service is a published "Item" Page (30). I try to get work, that the Web Service user can only read data (read, readMultiple) and can
not create, update, etc.
I already figure it out, that the Webservice User need read access to:
- Table "Item" (27) <-- clear!
- Table "Web Service" (2000000076)
- Page "Item Card" (30)
But it still not enought. Have someone experience with that?
Thank you for any help
Comments
Is the 3rd party application outside your network or is it run on your own network?
Epimatic Corp.
http://www.epimatic.com
Unfortunately, I had only a readable error-message befor i include the table "Web Service". That was a hint, that I have to include the "Web Service" Table. Now, the interaction between the third party application and MS Dyn NAV abort while the "readMultiple" function call.
I don't have any Log Events in the MS Windows Event Table
Are they other place to look after displayed logs (in MS Dyn NAV f.e. - I don't know about logging function inside MS Dyn NAV)?
My environment:
They are in the same network, but not in the same Domain
The third party application is java based and it does authenticate with NTLM
The interaction between the application works great as long as the webservice user has the role "super"
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
My second approach was to find out which table are involved with SQL Server Profiler (tracert). But it wasn't successful yet. I found a lot of other tables which are touched by the Webserice call. For example
- Dimension
- Dimension Translation
- User Metadata
- General Ledger Setup
- Item Ledger Entry
- Purchase Line
- ...
I put them all in the permission table for the specific role. But as I already wrote, it wasn't successful.Any other ideas?
I'm not 100% sure on the individual permissions, in the past I've worked with services that have SUPER permissions as those processes tend to need to go all over NAV. There may be more than just table permissions - there may be some other object or executable permissions that need to be set.
Epimatic Corp.
http://www.epimatic.com
I don't want to give this webshopuser SUPER - rights. I have to publish the MS Dyn NAV Webservices user and password informationen. So everyone who can read the Interface, could log into MS Dyn NAV with SUPER permission.
Has someone an idea how I can solve that or know a workaround
Have you searched around on MSDN's NAV section or Partnersource? Those are the best places that I can think to start looking. Also check out Freddy's blog or any of the other MSDN Blogs.
Epimatic Corp.
http://www.epimatic.com