SOX compliant roles and user security

afleet Member Posts: 2
edited 2005-11-09 in Navision Attain
Hello folks, as part of building SOX compliant roles, we need to create a role (say, USER ADMIN) that, if given to a particular user, will allow them to:

a) insert/update/delete a user
b) insert/update/delete a role
c) assign/unassign roles to other users.
d) assign table/form/object access rights to roles.

This may sound a little strange, but that's what we need to achieve. A user with a role other than SUPER needs to do this.

We've had success creating other functionality-specific roles, e.g. GL POST, CUSTOMER MASTER MAINTENANCE, VENDOR MAINTENANCE, and we've done this by starting off with a role with no rights, and iteratively assigning rights as we attempt to perform the tasks in question, and noting which rights are required as they fail.

Crude, but effective.

This approach does not seem to work with user admin. If we throw any table or form that seems by name to be user related or security related at this new USER ADMIN role, the result is still the same. The submenu items under the Tools... Security menu are still greyed out.

Can anyone point us in the right direction?

Comments

  • kine Member Posts: 12,562
    There is one special role for this: SECURITY

    If some user has this role, he can create, modify, delete users, give them roles, but he can assign only roles he himself is a member of (for example he is not able to assign role super to someone, if he is not SUPER user...). I am not sure if this role includes changing permissions for the roles...

    Do not forget that access to the menu is driven by System type permissions (not table, datatable but system)...
    Kamil Sacek
    MVP - Dynamics NAV
    NAVERTICA a.s.