Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 305 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 260 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
NAV 2009 R2 - Deny permission to modify Table Data directly
anushafdo
Member Posts: 32
Hi
We have a situation where a user needs to be given super user role except for data modification directly in object designer. We have successfully denied design related permissions to this user. He curreclty can open Object designer and do normal works except designing. But, the administration still worried about his ability to change the data directly by opening a table in Object Designer.
Can we deny only this?
I tried giving Indirect for TableData 0. But, this takes away his ability to access any data from any where.
We have a situation where a user needs to be given super user role except for data modification directly in object designer. We have successfully denied design related permissions to this user. He curreclty can open Object designer and do normal works except designing. But, the administration still worried about his ability to change the data directly by opening a table in Object Designer.
Can we deny only this?
I tried giving Indirect for TableData 0. But, this takes away his ability to access any data from any where.
0
Comments
It sounds like you are developing in production environment. They should not be developing in production environment.
Create a separate db and let them develop in there.
Even if you don't give them direct permission, they still write code to delete the data.
Salesline.deleteall, willl bring your system to a halt.
Independent Consultant/Developer
blog: https://dynamicsuser.net/nav/b/ara3n
As a second concept, important to your requirement is the separation of Table objects, which is, what you design in object designer, and TableData which is the data stored in the database, structured according to the definition in the corresponding Table object.
So, grant the user the right to do, whatever he/she needs to do, but do not grant rights to alter TableData in any undesired way.
The user needs to be assigned roles according to what he needs to work with, just as any other user. This usually is the role ALL, which grants execute access to all objects except TableData, rights to some System objects, and access to some very fundamental TableData objects. Then add roles specific to the tasks he must perform as a regular user. Most Roles, other than ALL, SUPER..., and SECURITY only grant rights to TableData objects (the view exceptions probably being bugs). Now you need to design a role patterned after the SECURITY or SUPER (NAVIPANE) roles and assign this one to the user in addition to the 'regular' ones.