NAV Table access outside of Role permissions
brownfc
Member Posts: 8
Hi,
we run NAV 5 SP1 on a SQL 2005 Database with Enhanced Security. Everything seems ok but I've come across a strange issue that I hope someone can help with. Our users have a Windows AD Login account to access NAV and the NAV Roles are assigned to Windows Groups instead of the individual user accounts. I've noticed that a user can access a table within NAV even though the NAV role assigned to that user doesn't include access to this table. I thought that the SQL Public Role might have been used to assign more permissions than the default settings but it doesn't seem so.
Can anyone explain how a user can access a table even though they haven't been assigned permission via a NAV Role? I think this points to SQL permissions.
Thanks.
we run NAV 5 SP1 on a SQL 2005 Database with Enhanced Security. Everything seems ok but I've come across a strange issue that I hope someone can help with. Our users have a Windows AD Login account to access NAV and the NAV Roles are assigned to Windows Groups instead of the individual user accounts. I've noticed that a user can access a table within NAV even though the NAV role assigned to that user doesn't include access to this table. I thought that the SQL Public Role might have been used to assign more permissions than the default settings but it doesn't seem so.
Can anyone explain how a user can access a table even though they haven't been assigned permission via a NAV Role? I think this points to SQL permissions.
Thanks.
0
Comments
-
Hi!
Maybe this could help you: http://dynamicsuser.net/blogs/stryk/archive/2010/02/16/extended-database-hardening-nav-sql.aspxJörg A. Stryk (MVP - Dynamics NAV)
NAV/SQL Performance Optimization & Troubleshooting
STRYK System Improvement
The Blog - The Book - The Tool0 -
I think I might know what is allowing a user to access tables even though their NAV roles should prevent it - there is a Active Directory Group on the SQL Server (in both Logins and Users) that has been assigned db-owner rights but this AD Group must have been deleted from AD as it doesn't exisit anymore. I assume this user was a member of this Group as the name of the group implies that included all NAV users. When you delete a Group from AD it still remains in SQL Logins and Users unless you delete it. I came across a posting that mentions the same thing. The user is a member of other NAV realted AD Groups but it looks like it still retains the DB_Owner permissions even though the AD Group has been deleted.
http://ask.sqlservercentral.com/questio ... issio.html0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 321 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions