Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 301 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
How to manage read and write permissions?
tobia
Member Posts: 3
Hi everybody, I'm a new NAV 2017 user.
I need to setup some permission rules on my ERP, I tried to understand with my consultat how to do, but I could not get a real answer and seems that my simply request is more difficult to achieve with standard NAV tools. I want to understand how other people face this problem.
Let's say that I need a "Operators" user group. Operators can do everything but add or edit items property. He can read but not add new items or edit them.
I tried to setup Operator's PermissionSet adding all TableData rows with all permissions except for Item table where I have set read only. This works, but when I post an order, the item ledger entry could change the direct unit cost of item and then it fails the item update. So maybe this limit is too strong.
Then I checked if I can use permission on Page of Items but here I cannot distinguish read ad write permissions.
I simplified my problem in only one case Operators/Items. In my real system I have to divide Commercial capabilities to Technical. Working on it I found many other strange things, for example the insertion of an Item in Transfer Order need BOM Components read permission where Transfer Order for me is a commercial document but a commercial user should not see BOM.
How would you solve this problem?
Thanks!
I need to setup some permission rules on my ERP, I tried to understand with my consultat how to do, but I could not get a real answer and seems that my simply request is more difficult to achieve with standard NAV tools. I want to understand how other people face this problem.
Let's say that I need a "Operators" user group. Operators can do everything but add or edit items property. He can read but not add new items or edit them.
I tried to setup Operator's PermissionSet adding all TableData rows with all permissions except for Item table where I have set read only. This works, but when I post an order, the item ledger entry could change the direct unit cost of item and then it fails the item update. So maybe this limit is too strong.
Then I checked if I can use permission on Page of Items but here I cannot distinguish read ad write permissions.
I simplified my problem in only one case Operators/Items. In my real system I have to divide Commercial capabilities to Technical. Working on it I found many other strange things, for example the insertion of an Item in Transfer Order need BOM Components read permission where Transfer Order for me is a commercial document but a commercial user should not see BOM.
How would you solve this problem?
Thanks!
0
Best Answer
-
Slawek_Guzek
Member Posts: 1,690
There is special Indirect permissions which allows the code to modify table on behalf of a user, but does not allow to modify the data directy.
How it works: The object which is trying to modify the Item table (codeunit 22 in this case) must have defined a permission to modify specific table. Codeunit 22 actually does have the permission to modify table 27 Item:
Then the user who needs to be allowed to post Item related stuff ( which updates an iem record in Item table), he/she needs to be granted an Indirect Modify permission to the table 27 through a role.
When such a user posts an item journal and the code hits codeunit 22 NAV will internally "combine" both users and object permission and allow the code inside codeunit 22 to do MODIFY on Item table.
Slawek Guzek
Dynamics NAV, MS SQL Server, Wherescape RED;
PRINCE2 Practitioner - License GR657010572SG
GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-035
Answers
How it works: The object which is trying to modify the Item table (codeunit 22 in this case) must have defined a permission to modify specific table. Codeunit 22 actually does have the permission to modify table 27 Item:
Then the user who needs to be allowed to post Item related stuff ( which updates an iem record in Item table), he/she needs to be granted an Indirect Modify permission to the table 27 through a role.
When such a user posts an item journal and the code hits codeunit 22 NAV will internally "combine" both users and object permission and allow the code inside codeunit 22 to do MODIFY on Item table.
Dynamics NAV, MS SQL Server, Wherescape RED;
PRINCE2 Practitioner - License GR657010572SG
GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-03
Start recording, do whatever the user should be able to do, stop recording. Now you have your permissions.
What do you mean for Record function? Codecoverage or another tool?