Options

NAV 2009 R2 - Deny permission to modify Table Data directly

anushafdoanushafdo Member Posts: 32
Hi
We have a situation where a user needs to be given super user role except for data modification directly in object designer. We have successfully denied design related permissions to this user. He curreclty can open Object designer and do normal works except designing. But, the administration still worried about his ability to change the data directly by opening a table in Object Designer.

Can we deny only this?

I tried giving Indirect for TableData 0. But, this takes away his ability to access any data from any where.

Comments

  • Options
    ara3nara3n Member Posts: 9,256
    I don't understand why you are giving a user permission to object designer.

    It sounds like you are developing in production environment. They should not be developing in production environment.


    Create a separate db and let them develop in there.

    Even if you don't give them direct permission, they still write code to delete the data.

    Salesline.deleteall, willl bring your system to a halt.
    Ahmed Rashed Amini
    Independent Consultant/Developer


    blog: https://dynamicsuser.net/nav/b/ara3n
  • Options
    vaprogvaprog Member Posts: 1,125
    You cannot deny rights in NAV, you can only grant rights.

    As a second concept, important to your requirement is the separation of Table objects, which is, what you design in object designer, and TableData which is the data stored in the database, structured according to the definition in the corresponding Table object.

    So, grant the user the right to do, whatever he/she needs to do, but do not grant rights to alter TableData in any undesired way.

    The user needs to be assigned roles according to what he needs to work with, just as any other user. This usually is the role ALL, which grants execute access to all objects except TableData, rights to some System objects, and access to some very fundamental TableData objects. Then add roles specific to the tasks he must perform as a regular user. Most Roles, other than ALL, SUPER..., and SECURITY only grant rights to TableData objects (the view exceptions probably being bugs). Now you need to design a role patterned after the SECURITY or SUPER (NAVIPANE) roles and assign this one to the user in addition to the 'regular' ones.
Sign In or Register to comment.