SQL Permission Problem Navision 5.0

Which security model - Extended or Standard?

I had the same problem. Changing the Security Model from Enhanced to Standard solved the problem.

I have recently moved a Customer running NAV 5 SP1 from NAV Database Server to SQL Server, and am experiencing some interesting SQL problems:
1. I was amased at how many new tables showed up as not having permissions, considering everyone has been working fine for 18 months before the change.
2. The non-super users are not able to Send To Excel (or MS Word), getting a Read Permission problem on Table 2000000067 "User Default Style Sheet". Adding this table to the ALL Role, and even synchronising All Users does not cure the problem. ](*,)


Is this a known problem in NAV 5 SP1, and how can I cure this problem?

PS: I have had other cases where I add a Table permission to ALL. and it did not do the trick. I had to Remove a lesser permission to the same table from another Role (used by the same user) to get it to work. I am starting to suspect that the SQL C/SIDE Client might not be using the greater of the permissions..

Thanks for your reply Jörg,
Obviously this defeats the pupose of the NAV security amangement somewhat, but at least I know that there are some anomalies still in this side of Permissions in SQL, that will hopefully be resolved at some stage (soon?).

I have another Issue, this time to do with using (Domain) Security Groups in NAV. I found I could not use them at all (Tried on three different installations - they all do exactly the same, using both NAV V5 SP1 and NAV 2009).

If I add a NAV Windows Login, that is a Security Group, with some Role Assigned, I can no longer Synchronise the Permissions from NAV. I get the SQL Error ...Cannot find the user '$ndo$ar$<very_long_number>', because it does not exists, or you do not have permission. This happens on the T_SQL GRANT statement.

I am trying this as a user with sysadmin and am also the db_owner.

Much as I would prefer to use them, I have given up trying to user Groups for now, assigning Roles directly to the Windows Users.

Also a know issue, or am I consistently not uderstanding something here, do you think?

PS: What is the best channel to give this type of feedback, hopefully for the developers to try and resolve?

Kind regards,
Theo

I also have the problem with synchronising logins stopping working once windows groups are added in NAV when using the Enhanced Security Model - or rather once the group added has been assigned a role in Navision.

Has happened when setting up a test server with two different NAV databases taken from Live which have been configured by different MS partners and with very different pedigrees. Works OK if switched to Standard Security - unfortunately this is not an option for the moment.

Groups are Domain Local, members are in local domain, members are also added as windows logins in Navision and I'm doing all this as sysadmin on SQL server. Synchronise All fails and so does Synchronise Single Login for each user that is a member of a group with a role defined. The $ndo$ar$<very long number> not found message equates to the Application Role for that particular user (or first one enumerated if Sync ALL) with the long hex number equating to the user's SID. It can't find it because it gets removed at some point (can't remember if it this is when the group is added, role added to group or the first sync is attempted in this state).

Current version is NAV 2009 RTM with SQL 2005 SP3 so obvious question is whether this problem goes away with a SP1 or a further rollup?

Does anyone know?