I have a situation where I need to set up permissions for a user. He is allowed to post to GL accounts but is not allowed to see GL entries. I need to restrict access to the GL entries page.
How can I do that?
You cannot revoke permission, you can only grant it.
You should not grant permission on an object level, but rather on a data level. That is, grant permissions on tabledata objects only, just as the standard does. System (pseudo-)objects are exempt from this rule.
In your case, use indirect permissions, so he can access the relevant data by using other objects (namely the posting codeunits), but not see or manipulate the data directly on pages.
You need to find out which object needs the read permission and add that permission to that object's Permissions property. After that you can go with indirect read permission in the role.
If permission is required to calculate flow fields, you might consider editing the permission property of the table containing the FlowField.
This type of request is pretty common. NAV's out-of-the-box security is all table-based (all users have access to all pages, reports, etc. and are only restricted based on table permissions).
Assuming it's okay for them to see amounts on the G/L Account card / Chart of Accounts and you just need to limit the ability to see the specific G/L entries, the steps (at a high level) are as follows:
- From the ALL or BASIC role (depending on the version) remove permissions for Page 0 (Form 0 if you're on an older release or non-RTC) and Report 0
- Use the All Permissions action (if you're on NAV 2013+) to add all pages and reports to the role (if you're on an older/Classic release, drill up to the object list and select/copy all forms and reports, then paste them back into the role) and give execute permission
- Remove the sensitive pages/reports/forms
  - i.e. Delete the General Ledger Entries page permission
  - Also delete permission to reports that show G/L entries, like the G/L Register and Trial Balance Detail/Summary
As a coincidence, we had to look at something along these lines (not quite the same, but similar) for a client this week. They are on NAV 2009 so this may not cover it all, but I searched for reports with a G/L Entry data item so we could remove permissions for those. There are a few we didn't worry about (related to consolidations), but the report IDs were: 4, 35, 86, 91, 10009, 10010, 10019, 10021.
Also keep in mind that if the customer has Analysis Views set up, you may need to block those pages and related reports from being accessed as well.
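The check below is an added example, not code from anyone in this thread: it audits the permission rows of every role assigned to one user, because NAV permissions are only ever granted and the user's effective access is the union of all roles. The row layout, the role names and page ID 20 for General Ledger Entries are assumptions; table 17 and the report IDs are the ones quoted in the thread.

```python
from collections import namedtuple

# One permission line of a role (constructed layout, not a NAV export format).
Row = namedtuple("Row", "role obj_type obj_id read execute")

GL_ENTRY_TABLE = 17  # table data object number quoted in the thread
SENSITIVE = {
    # Report IDs listed in the thread for NAV 2009.
    "Report": {4, 35, 86, 91, 10009, 10010, 10019, 10021},
    # Assumption: General Ledger Entries page ID; confirm in your object list.
    "Page": {20},
}

def audit(rows):
    """Return (role, kind, detail) for every grant that exposes G/L entries."""
    findings = []
    for r in rows:
        if r.obj_type in SENSITIVE and r.execute == "Yes":
            if r.obj_id == 0:
                # Object 0 is the wildcard: removing single pages has no effect.
                findings.append((r.role, "wildcard", f"{r.obj_type} 0"))
            elif r.obj_id in SENSITIVE[r.obj_type]:
                findings.append((r.role, "sensitive-object", f"{r.obj_type} {r.obj_id}"))
        elif (r.obj_type == "TableData" and r.read == "Yes"
              and r.obj_id in (0, GL_ENTRY_TABLE)):
            # Direct read stays in place with the page-based approach, so the
            # restriction rests entirely on the page/report list being complete.
            findings.append((r.role, "direct-read", f"TableData {r.obj_id}"))
    return findings

# Constructed sample: default role with wildcards plus a posting role.
BEFORE = [
    Row("BASIC", "Page", 0, "", "Yes"),
    Row("BASIC", "Report", 0, "", "Yes"),
    Row("SALES-POST", "TableData", 17, "Yes", ""),
    Row("SALES-POST", "Report", 4, "", "Yes"),
]
# Constructed sample: wildcards replaced by explicit lists, but a second
# role (hypothetical OLD-ROLE) still grants the G/L entries page.
AFTER = [
    Row("BASIC-X", "Page", 42, "", "Yes"),
    Row("BASIC-X", "Report", 206, "", "Yes"),
    Row("SALES-POST", "TableData", 17, "Yes", ""),
    Row("OLD-ROLE", "Page", 20, "", "Yes"),
]

if __name__ == "__main__":
    for label, rows in (("before", BEFORE), ("after", AFTER)):
        for finding in audit(rows):
            print(label, *finding)
```
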
Comments
Give that table a look and see if it can help or not
Object type - Table data
Object no. - 17
Read permissions - Yes
Insert permissions - Indirect
Modify Permissions - Indirect
The user can post Sales/Purchase invoices (which is good) and can see GL entries (which is NOT good).
If I change Read permissions to Indirect, the user can't see GL entries (which is OK) but he can't post Sales/Purchase invoices (which is not OK).
The question is how to set up permissions to allow the user to post sales/purchase invoices but not let him see GL entries?