Hi there,
I have this form where HR user can create new users
Create new user here refers to create new SQL server login and database login
All this long, when i develop the form, i'm using SUPER user to test and everything is working fine.
Then it's time to go live. Client assigned 1 user who will be in charge to use that form with HR USER role and ALL role.
The HR USER role only give permission to objects used on that form.
When this HR USER tried to create new user using that form, got error
"You do not have permission to read G/L Account table"
while that form doesn't have any relation to G/L Account table
If i give permission for that user to the G/L Account table, later it will get similar error message but different table name
"You do not have permission to read G/L Entry table"
"You do not have permission to read Cust. Ledger Entry table"
"You do not have permission to read Item table"
"You do not have permission to read Item Ledger Entry table"
"You do not have permission to read Sales Header table"
"You do not have permission to read Sales Line table"
and many more
I dont want to give SUPER role for that HR user.
anyone can help me here?
any alternative I can do other than giving that HR user a SUPER role?
is it only SUPER user allowed to do something like creating new user?
need enlightenment :-k
thanks before
0
Comments
Pargesoft
to assign Roles and Permissions in NAV you need to be assigned to SUPER or SECURITY roles in NAV!
To set up the Logins/Users in SQL Server you need to be sysadmin or db_securityadmin.
Read the manual about details!
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool
NO WAY! :shock:
NAV roles and permissions should be handled within NAV, only the minimum required SQL roles should be assigned.
Fiddling with NAV permissions "outside" NAV could raise a real security-issue!
More about that: http://dynamicsuser.net/blogs/stryk/archive/2010/02/16/extended-database-hardening-nav-sql.aspx
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool
thanks for the suggestion, but it doesnt work
I have tried to give SECURITY role and on SQL, it's already sysadmin for that user, but still got the same error.
any other idea why?
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool
If you require a user with minimum rights to create users and assign permissions then why do you want to use super user? The permissions on the sql side will be similar for both users and nothing extra is handled on sql side. In fact creating an additional super user has more risk than the the model I recommended.
If they handle these issues with only one super user of course this is better but if company requires more users to deal with these issues I think my suggestion is not a shocking model:)
Pargesoft
Where do you try to give permissions? Is it a custom form or the standart database logins form?
Pargesoft