Implementing NAV Security

nvermanverma Member Posts: 396
Hi Everyone,

I am implementing Security for one of our clients. The client is on NAV 2009 R2 and they use RTC. This is what I came up with. Rather than creating a Permission for Read, insert, modify, delete, execute permission for each Role/table data. I was thinking about making everyone a super user (aka all the users will be have Read, Insert, Modify, Delete, and Execute for every single Table, Table Data, System, Dataport, Menusuite, Codeunits, and system) but, based on the user profile in the company, they will only be able to execute certain pages and report. I have done a sanity test on my local machine and it seems to be working. However, since I have been working with NAV for only few years, I am not sure if I will run into any issues down the road. So I thought I will ask you experts.

Let me know your thoughts.

Comments

  • vremeni4vremeni4 Member Posts: 323
    Hi,

    I would not recommend this, as SUPER user is a very powerful permission. e.g. this would allow users to change the objects, delete other users, change profile of other users.

    Did you try to use this tool to set users permissions
    http://www.mergetool.com/products/easysecurity.html

    I hope this helps.
    Thanks.
  • nvermanverma Member Posts: 396
    But since the client uses RTC, they wont have access to classic client. Thus they wont be able to change the user permissions, or delete users and in terms of changing profile, we can just not give them access to those forms.

    Has anyone done security this way?

    I will check out the link you provided, but I doubt my manager or our client would want to foot the bill for EasySecurity.
  • vremeni4vremeni4 Member Posts: 323
    Hi,

    The only thing they have to do is to run RTC client with settings command e.g.
    Microsoft.Dynamics.Nav.Client.exe -settings:"...

    and they will be able to change the profile and do what ever they want.
    The Development environment is free for download, so they can download it, connect to database and make change.Not much effort is needed to overcome this type of security.

    In my opinion hiding things does not provide any security.

    I hope this helps.
    Thanks.
  • krzychub83krzychub83 Member Posts: 120
    I guess you thought about Super (Data) instead of Super permission levels.

    I did it in the past as a rapid solution for a project, which I took over after somebody else. It did made the trick then, but I strongly advice against it. Then I had two groups of users, and I new that one group won't get any further access to the system any time soon... And it was classic client, not RTC.

    Still this is something that you should avoid like fire. Simple issue is that when you are controlling access level based on pages, then you are forced to keep multiple copies of the same page for each access permission level (for example based on functions that users can do from a card, etc.). This can easily become complicated to control who can do what. Second issue is that you will need to spent much more time on development and testing, as each change will need to be replicated on some copies of that object.

    So if you have no choice and need working solutions for this afternoon, then you can use it as a temporary solutions. But if you have some time, then invest it into building permissions levels like they are set in standard NAV. Setting it up this way will be pain at the beginning but it will pay-off.

    Unfortunately I do not know any tools, which you could use under the RTC to set up permissions. Have a look in Download section, or search the forum. In classic client you could use Code Coverage or Client Monitor as a starting base. There were also tools attached to DEV Tools. CD2 of NAV 4.0... Yes I know long time ago.
Sign In or Register to comment.