Role Level Security Determined by Windows Authentication

Hello All,

I am developing an application using Silverlight to provide some customized front ends for our NAV system. I'm having a few issues with getting security setup correctly. I have basically 2 user sets. I have users who should be able to look at information (that is, read only access) and users who can lookup information and change it. In that vein we've created a READ user and a MODIFY user.

The READ user has Read and Run Permissions on all of our pages. The MODIFY user currently has full permissions (if a user can modify records, they can also create and delete). The problem is that the READ user is still able to make changes. This leads me to believe that the Run Permission gives a user access to all of the methods exposed by NAV's web services. Is this the case? If it is, is there some other way to restrict permissions to just Read Only access? I originally gave my READ user only read access, and NAV returned a "you do not have permission to Run this page" error.

A related question, is there a way to query NAV for what permissions the role of the current logged in Windows user has? It would be ideal to disable the save, insert, delete, etc. buttons for users who do not have those rights in NAV. So far the only way I've found to do that is to attempt to perform a write action and then handle the "permission denied" error message that NAV returns. This isn't really an ideal situation.

Thanks,

Ryan Brown