Hi all,
I have created a database login named TEST and a role named WM-PROD-BOM. The role WM-PROD-BOM contains list of objects belonging to Granule ID 5420 - Production Bill of Material, for which i have not granted any permissions.
The idea is to create a user without having any permissions for Production BOM and test which of my functionalities integrated with NAV do not work without it.
I have assigned the role WM-PROD-BOM to the user TEST. Now if i login NAV with this user and open the company, it gives me error as "You do not have permissions to read General Ledger Setup table". It gives me second error as "You do not have permissions to run MBS menusuite" and then it does not open the company.
I then assigned additional role ALL to the user TEST and tried to login. This time i was able to open the company but when i look at the NAV menusuite, it does not show me most of the forms. It shows only reports, documents and few forms.
I am not sure what is missing in the above setup. Have i done anything silly.
Why most of the forms are not seen in the menusuite say Customers, Quotes, Orders etc?
Below is the list of objects included in 5420 granule.
Granule No. Granule Name Object Type Object No.
5,420 Basic Manufacturing - Production BOM Table 5,407
5,420 Basic Manufacturing - Production BOM Table 5,416
5,420 Basic Manufacturing - Production BOM Table 99,000,771
5,420 Basic Manufacturing - Production BOM Table 99,000,772
5,420 Basic Manufacturing - Production BOM Table 99,000,776
5,420 Basic Manufacturing - Production BOM Table 99,000,788
5,420 Basic Manufacturing - Production BOM Table 99,000,789
5,420 Basic Manufacturing - Production BOM Table 99,000,790
5,420 Basic Manufacturing - Production BOM Table 99,000,811
5,420 Basic Manufacturing - Production BOM Table 99,000,819
5,420 Basic Manufacturing - Production BOM Table 99,000,825
5,420 Basic Manufacturing - Production BOM Table 99,000,829
5,420 Basic Manufacturing - Production BOM Codeunit 8,000
Please help and/or guide me.
Thanks,
hav
Regards,
Hemant
MCTS (MB7-841 : NAV 2009 C/SIDE Solution Development)
0
Answers
That you created role with some tables without permissions is doing nothing. You need to allow all other tables. You need to do the negation of what you did. You cannot permit access, you can just allow access. Use the button All Objects button to set the permissions. Fastest will be:
Add one line for DataTable, ID=0, set all permissions to Yes. Click All Objects button, remove all Yes from tables you want to not access to, click OK. The permissions of the role will be changed in a way that you will have access to all tables excluding the tables you do not want.
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
I tried to do what you had said but things are not working as expected.
When i click All Objects it just show me list of all Navision objects but i don't see any permissions set for any of the object by default. Moreover only objects whose permissions i set in this window are getting transferred to Permission window.
It would be cumbersome to set permissions for all table objects one by one leaving only those which i want to deny.
In a nutshell i undestand that i need a role having permissions over all objects except those which i do not want to grant acccess to.
If this is the case then we need to think of some better alternative to achieve it.
Hemant
MCTS (MB7-841 : NAV 2009 C/SIDE Solution Development)
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.
Moreover it does not allow me to add any new row after the first default line.
I then tried the following and see how it works.
Added first line for Table having ID = 0 and all premissions set. I saved it. Now if i click All Objects it shows all Navision objects having all permissions set for table objects.
Again if i add second line for TableData having ID = 0 and all premissions set and then click All Objects (after saving), it does not show me all permissions set for TableData objects. The table objects still retain all permissions.
I don't know something funny is happening with TableData line.
I then added lines one by one for Form, Report, Codeunit etc having ID =
0 and all permissions set.
Finally i inserted a new line for TableData on top of first line. I then saved all lines. Now when i click All Objects, the window show me all Navision objects having all permissions set.
Now i removed permissions for objects belonging to Granule No 5420 and then click OK. All objects(except the one for which i had denied permissions) are now transferred to Permission window.
Alas! I was able to create a role with required permissions.
I am able to test my functionalities integrated with NAV using this role.
Oh! what an exercise to achieve this.
Nice to talk to you.
Regards,
hav
Hemant
MCTS (MB7-841 : NAV 2009 C/SIDE Solution Development)
Yes, the line is filled like this by default, but you can save it only if you do some change. Changing some permissions to Indirect or empty, move cursor to next line (the line is saved), go back and change the value back. This is shortest way how to create the line for TableData ID=0 with all permissions. It is tricky but it is "the way how it is done".
PS: You need to add the [solved] prefix into the first post subject, not the last one, else it will be not displayed in Topic list... ;-)
MVP - Dynamics NAV
My BLOG
NAVERTICA a.s.