NAV 2016 Web client URL - Changing Company Name in url ignores NAV security
kar100
Member Posts: 11
We have installed and configured NAV 2016 web client. Works fine.
However, it appears to be possible to simply change the company name element of the url and this by-passes NAV security.
Example:
Two NAV companies, Company A and Company B
User only has access to Company A as per NAV security permissions
URL for web client is https://xxxxxxx/yyy/WebClient/?company=Company A but if user changes url to https://xxxxxxx/DEV/WebClient/?company=Company B then then can access Company B, overriding security.
If they try to change company via 'My Settings' they (correctly) get an error.
However, it appears to be possible to simply change the company name element of the url and this by-passes NAV security.
Example:
Two NAV companies, Company A and Company B
User only has access to Company A as per NAV security permissions
URL for web client is https://xxxxxxx/yyy/WebClient/?company=Company A but if user changes url to https://xxxxxxx/DEV/WebClient/?company=Company B then then can access Company B, overriding security.
If they try to change company via 'My Settings' they (correctly) get an error.
0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.7K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 326 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions