Hi Everyone,
I am implementing Security for one of our clients. The client is on NAV 2009 R2 and they use RTC. This is what I came up with. Rather than creating a Permission for Read, insert, modify, delete, execute permission for each Role/table data. I was thinking about making everyone a super user (aka all the users will be have Read, Insert, Modify, Delete, and Execute for every single Table, Table Data, System, Dataport, Menusuite, Codeunits, and system) but, based on the user profile in the company, they will only be able to execute certain pages and report. I have done a sanity test on my local machine and it seems to be working. However, since I have been working with NAV for only few years, I am not sure if I will run into any issues down the road. So I thought I will ask you experts.
Let me know your thoughts.
0
Comments
I would not recommend this, as SUPER user is a very powerful permission. e.g. this would allow users to change the objects, delete other users, change profile of other users.
Did you try to use this tool to set users permissions
http://www.mergetool.com/products/easysecurity.html
I hope this helps.
Thanks.
Has anyone done security this way?
I will check out the link you provided, but I doubt my manager or our client would want to foot the bill for EasySecurity.
The only thing they have to do is to run RTC client with settings command e.g.
Microsoft.Dynamics.Nav.Client.exe -settings:"...
and they will be able to change the profile and do what ever they want.
The Development environment is free for download, so they can download it, connect to database and make change.Not much effort is needed to overcome this type of security.
In my opinion hiding things does not provide any security.
I hope this helps.
Thanks.
I did it in the past as a rapid solution for a project, which I took over after somebody else. It did made the trick then, but I strongly advice against it. Then I had two groups of users, and I new that one group won't get any further access to the system any time soon... And it was classic client, not RTC.
Still this is something that you should avoid like fire. Simple issue is that when you are controlling access level based on pages, then you are forced to keep multiple copies of the same page for each access permission level (for example based on functions that users can do from a card, etc.). This can easily become complicated to control who can do what. Second issue is that you will need to spent much more time on development and testing, as each change will need to be replicated on some copies of that object.
So if you have no choice and need working solutions for this afternoon, then you can use it as a temporary solutions. But if you have some time, then invest it into building permissions levels like they are set in standard NAV. Setting it up this way will be pain at the beginning but it will pay-off.
Unfortunately I do not know any tools, which you could use under the RTC to set up permissions. Have a look in Download section, or search the forum. In classic client you could use Code Coverage or Client Monitor as a starting base. There were also tools attached to DEV Tools. CD2 of NAV 4.0... Yes I know long time ago.