Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.7K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 317 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Best way to manage user permissions?
Shenpen
Member Posts: 386
I'd like to discuss about ways to manage user permissions.
Clearly this is a very problematic with Navision as there is no simple stuff like "may do invoicing" checkmarks etc. My opinion would be the following:
1) Standard roles seem to be a good point to start, with two problems:
a) f.e. permission to post shipment and to post invoice is not separated
b) a typical user needs at least 10 role
For problem a) I can't really see other result than to create some new roles by copying and manual editing.
For problem b) I plan to make some downloadable fobs to help, but cannot really decide the best way to go. Maybe you have suggestions.
- What I'm fairly sure of is that we have to organize roles into role groups.
- What I don't know is to either a) make a menu item to copy the permissions of those roles into a new, "aggregate" role or b) assign users to role groups and make a menu item to assign all roles in the role group to the users. Which would be better in you opinion?
2) Standard roles generally don't help in stuff like "may only edit own customers". To solve it with Security Filters we would have to make a role for all f.e. salesperson.
I think the solution will be to create checkmarks in User Setup, with "may only modify own customers" and like this, and then code it into the form with a filter like setfilter("Salesperson Code",'<>%1&<>%2',user,'').
Clearly this is a very problematic with Navision as there is no simple stuff like "may do invoicing" checkmarks etc. My opinion would be the following:
1) Standard roles seem to be a good point to start, with two problems:
a) f.e. permission to post shipment and to post invoice is not separated
b) a typical user needs at least 10 role
For problem a) I can't really see other result than to create some new roles by copying and manual editing.
For problem b) I plan to make some downloadable fobs to help, but cannot really decide the best way to go. Maybe you have suggestions.
- What I'm fairly sure of is that we have to organize roles into role groups.
- What I don't know is to either a) make a menu item to copy the permissions of those roles into a new, "aggregate" role or b) assign users to role groups and make a menu item to assign all roles in the role group to the users. Which would be better in you opinion?
2) Standard roles generally don't help in stuff like "may only edit own customers". To solve it with Security Filters we would have to make a role for all f.e. salesperson.
I think the solution will be to create checkmarks in User Setup, with "may only modify own customers" and like this, and then code it into the form with a filter like setfilter("Salesperson Code",'<>%1&<>%2',user,'').
Do It Yourself is they key. Standard code might work - your code surely works.
0
Comments
it doesn't really answer all your questions - but might be nice to take a look. 8-[
http://www.BiloBeauty.com
http://www.autismspeaks.org
Do It Yourself is they key. Standard code might work - your code surely works.
1) Accounting (G/L, Fixed Assets) roles seem to be OK, save for one thing: cash journals. As cash clerks are usually not accountants, they should be very restricted in what they do - especially to not post in someone else's cash journal. You need a new role that can post with a security filter to template name = cash.
And cash journal forms always need much customization, because cash clerks do not understand credit and debit, they understand money in and money out and other simple stuff. And when you customize this form then it is easy to set a filter to Journal Batch Name = USERID.
2) For creating sales and purchase documents, standard roles are OK I think. Although they allow salespeople who f.e. should make quotes only to make invoices, as long as they cannot post it they can't really make a big mess. And don't forget Responsibiltiy Centers, they are useful.
3) For posting sales and purchase document, it is clearly important to make 2 new roles separating post shipment/receipt and post invoice. Resp Centers help force people to don't touch each others orders.
4) As for warehouse, posting also should be separated, for everything else it seems to be OK. You can set warehouse employees to warehouse in the warehouse menu, and this is very good.
5) For Jobs, well, don't really know. It would be important to separate posting items, resources, g/l. Maybe new forms with hardcoded types. Actually, standard job functionality doesn't really make sense to use at all... (no tracking, no inventory adjustment... better to use a dimensions as a project code)
Manufacturing and Services seems to be OK.
So does anyone have suggestion on my Role Group tool - should it make new roles by copying permissions or assign roles to users?
Do It Yourself is they key. Standard code might work - your code surely works.