I've just discovered that my knowledge about security models in NAV was flawed. I was under the impression that you had to use the Enhanced model in order to assign permissions based groups in the AD but you can do this in the Standard model as well.
So far I've argued that the only plausible reason for using the Enhanced model was the fact that it could handle groups. Not only is this not true; the Standard model even handles groups considerably more elegant!
In fact, brushing up on my rusty skillz by reading the security model sections of w1w1isql.pdf, I'm hard pressed to come up with any reason why you should select the Enhanced model - and why this is indeed the default setting when creating a new database.
The only redeeming feature of the Enhanced model seems to be that you can assign "extra permissions" to a user, even if that user gets his "base permissions" through a group.
So, what am I missing? Surely there must be an excessively cool feature hiding in the Enhanced model that I just can't see? :-k
Brian Rocatis
Senior NAV Developer
Elbek & Vejrup
0
Comments
Actually, you can do that on Standard as well. We have users that get base permissions through AD, and then have special ADMIN groups assigned to them directly.
My Blog - nav.education
If somebody hack the NAV client, when enhanced security is used, the hacker will have still only permissions on SQL as the user have set in NAV (the application role have exactly same permissions on SQL as set in NAV). If you use the standard model, the hacker will have full access into the NAV db (the application role have all permissions on SQL on the DB).
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
Actually the main difference between these two security models Standard and Enhanced is how they synchronize the Microsoft Dynamics NAV security system with SQL Server and the way that they integrate the Microsoft Dynamics NAV security system with Windows authentication. Standard security model creates one application role, whereas the Enhanced model creates a separate application role for each user or in other words multiple roles
To answer the question, in the Enhanced security model you will have the user permission matched to the SQL Database objects rather than NAV control the security for you. While performing the synchronization Standard security model is faster than the Enhanced security. Secondly if you change the role of an existing user in the database using the enhanced security model it becomes mandatory for you to Synchronize the user where as, in case of Standard security model if you change the role of an existing user in the database you will not have to synchronize the user in the Standard security model.
Hope this helps!
For any queries you can also visit my blog site: http://msnavarena.blogspot.com/