Permission Insert Table 18 Customer - How to prevent

andy76

Hello,

I cannot understand why certain users can insert new customer both by form 21 and trasforming a sales offer with a contact in sales order creating a new customer.
We use SQL Server 2005 and only Windows Authentication with NAV 5.0.

Filtering the table 2000000005 - Permission for TableData, Object ID: 18 - Customer , Insert Permission <> '' (blank) we only have 2 roles :

S&R-CUSTOMER, EDIT
EP-EINRICHTUNG

and think that are standard.

The windows user that should not insert the customers don't have these roles.
So, what should I check?

Thank you

JamieHurst

Andy -- Do you have any "Table Data" Permissions where Object ID = 0 & Insert <> blank? This would allow someone to insert in any table.

andy76

Applying the filter you wrote me I obtain these 3 standard roles:

ALL
SUPER
SUPER (DATA)

and think that they are standard ones.


If I eliminate the filter Insert Permission <>' ' we obtain 2 other roles created by us but they have Insert Permission blank -> prohibited

Is that ok?

Thank you very much

andy76

I found a role custom by us with form 0 and Insert Permission = yes

Could be this the cause of the problem?

Thank you

JamieHurst

I think it's your "ALL" role. Standard NAV's ALL role doesn't include a TableData permission for object 0. If you have one with insert rights, and if your "ALL" role is assigned to all of your users, then everyone can insert in every table...

But I'd be careful removing this. Your phone is likely to light up.

I don't know much about Form-level permissions, so I'm not sure what "Insert" gives you on object 0. You could test this, though.

FYI, we just started using Easy Security and love it.

andy76

Are you sure that standard ALL doesn't have Insert Privileges for all table (0).
Tomorrow I will check with other databases or Cronus...

It is too strange!

JamieHurst

Well, 99% sure. Here's my Cronus: