Security Filter on Location Code:

shillu

Hi All,

(I am using NAV IN 4.0SP3 SQL Database.)

Is it possible to restrict a user to view sales/purchase data related to certain locations using security filters?

For ex: My Locations are A,B,C,D,E,F,G and I have three users : User1, User2 and User3.
User1 : can view, insert or modify sales/purchase data in locations A,B,D
User2 : can view, insert or modify sales/purchase data in locations C,D,E,G
User3 : can view, insert or modify sales/purchase data in locations A,E,F,G

Using Responsibility center I can restrict to only one location. But I need to restrict users to view/insert/modify for multiple locations.

So to achieve this, I have created separate Roles. For each Role -> Permissions, selected Location Table and applied a security filter on Code field according to my requirement as mentioned above. But this is also not working. The user is able to view sales/purchase data for all other locations.

Is this the only way to get this done? Or any other suggestions?

Thanks,

jigneshraval76

this type of facility not present in up to nav 5.0, we are using Nav 5.0, don't know it is in Nav 2009.

we are using this functionality. what we have done is create new table for user wise location wise transaction rights and customise each transaction according to that.

if this functionality is very important for you than u can do the same.

shillu

Yes, we need the same functionality.

But could you please explain me little better? How did u customize each transaction according to userwise location wise set up?

Thanks,
Shilpa

dmccrae

You need to set up your security filters in your roles, not on the Location table itself but on the required field of the Sales Header table (e.g. Location Code), or other target table that you want to restrict access to. What you have done currently is restricted access to the Location table.

Then, the way this will work is that the UI will automatically strip out Sales Header records where the user does not have read permission based on your security filter.

And for modifications of any kind (either from AL or directly from the UI) a permission error will occur when the security filter is violated.

One point: typically you need to set filters up for multiple related tables to get the correct restrictions you need.

You might find this link useful:

http://msdn.microsoft.com/en-us/library/dd301065.aspx

shillu

Thanks a lot.
I am also trying for the same (putting restriction on all other target tables). i think that should work.

But its a real big job..For each user, i need to define multiple roles.

For ex : My role is : S&R-Q/O/I/R/C(Create sales orders etc.). If i need to give the same role to all 3 users, I need to define a new role with differnt security filters on location code.
Becoz,
As I mentioned in my first mail, User1 has access to Locations A,B,D and User2- C,D,E,G etc.
In this case, I have to apply a security filter on all target tables for user 1 in one role. Similary for user 2 adn user 3 using different roles.

am I proceeding correct or any other suggestions pls!!!

Thanks,

FDickschat

Don't forget location code empty on sales header and lines. Otherwise the user will not be able to enter any new orders/lines.

But, your solution will probably not work because of code that loops through sales lines and does not know that there is a sec filter. You can work around this by adding direct read rights to that object and indirect read rights in a role.