Access to a specific company only
estherwu
Member Posts: 18
Hi - I am trying to set up a user (User Y) to have read only access to only 1 company (Company A) in our Nav database, in which we have 5 company (Company A-E) in total.
I set up the security by going into Security > Database Login and assign read only access to Company A. I tested it by logging in as User Y and confirmed that User Y can only see Company A if he opens company by going to File > Company > Open. He cannot see Company B-E. So it's all good here.
BUT, since there is a chance we share computers at work, I've also tested a scenerio where User Y access the company by using the shortcut list under the File menu (at the bottom of the File, you will see a list of 4-5 companies that were opened using that PC previously). If I go to that shortcut list, select Company B, and login as User Y, the system will let me in! and I can browse data in Company B just as User Y has full access to that Company.
Any way I can get this fixed? Any suggestion? Thanks in advance!
](*,)
I set up the security by going into Security > Database Login and assign read only access to Company A. I tested it by logging in as User Y and confirmed that User Y can only see Company A if he opens company by going to File > Company > Open. He cannot see Company B-E. So it's all good here.
BUT, since there is a chance we share computers at work, I've also tested a scenerio where User Y access the company by using the shortcut list under the File menu (at the bottom of the File, you will see a list of 4-5 companies that were opened using that PC previously). If I go to that shortcut list, select Company B, and login as User Y, the system will let me in! and I can browse data in Company B just as User Y has full access to that Company.
Any way I can get this fixed? Any suggestion? Thanks in advance!
](*,)
0
Comments
-
If someone need just permission for one company, you needs to assign his roles just for this company. It is simple, just specify the company in the role list for this user and you are done. He will see just his company in the company list and he will be not able to login into another one...0
-
"It is simple, just specify the company in the role list for this user and you are done"
OK and where can I find the role list in NAV? Can U give me the path?
Thanx
Gi.Navision Functional Analyst
Rome0 -
Ok! Found! I misunderstood the issue. I'd say extremely simple.
Gi.Navision Functional Analyst
Rome0 -
Yes that's what I did. Set up a new role with access to the authorized company only. And when I signed in as the user (User Y), and go to File > Compan > Open, I can only see the company in the company list. So it's good that. I did get that part right.
BUT, the real issue is, if user Y somehow access Navision using someone else's PC, and if that someone else is a superuser who has acccess to other company, and if user Y selects the company by going to the shortcut list (if you go to File, then there are a few companies listed at the bottom of the menu, those are companies most recently accessed via the Nav client on that PC), instead of by going to File > Company > Open, user Y WILL be able to access an unauthorized company. When user Y select an unauthorized company from the shortcut list, Nav will prompt for user ID and password, user Y put them in, and surprise! Navision let user Y in, and let him browse any data as if he is that superuser.
It is an issue if user Y is using someelse's PC, or if someone else used user Y's pc and login as superuser, both cases will leave some unauthorized company in the shortcut list where user Y can select, and system let him in!
Do you understand my point here?
Thanks0 -
Kine:
"If someone need just permission for one company, you needs to assign his roles just for this company. It is simple, just specify the company in the role list for this user and you are done. He will see just his company in the company list and he will be not able to login into another one..."
_________________
This works only if that user follow the 'normal' path to open the company, which is File > Company > Open.
This does not work if that user select an unauthorized company from the shortcut list under File, Navision will let the user in even when the user is not set up to have the permission to access that company.0 -
-
It's V4.0 SP1.
Thanks!0 -
Native or SQL?
I tested it on SP2 and SQL 2005 and if you are connecting to wrong company, you are not able to open any table or Menusuite...0 -
we are on SP1 native (C/SIDE)...
I tried different thing but it still let the user into the unauthorized company if selecting from the shortcut.
And upgrading the client or changing database platofrm is not really an option for now..
HELP!!!!
](*,)0 -
Dear estherwu,
Navision with SQL provides the record level security i.e u can restrict by company/loaction/dimension but Native database only gives u functionlaity level security. Though u can restrict the user to open one company only but as u mentioned there is shortcoming that he can open with shortcut.
Probably u need to customize as we did in one implementation using responsibility centre and user setup. The user though was able to open all the three companies but could not see any data as the security filter use to stop it.
Regards
Sandeep SinglaCA Sandeep Singla
http://ssdynamics.co.in0 -
Hi Sandeep,
Thanks for the information. Could you kindly advise where I can find the 'responsibility center' you mentioned?
Thanks!
Esther0 -
Hi Sandeep,
I found the responsibility center in Navision. But could you elaborate on how you set that up? So I set up a responsibilty center in the authorized company? And then assign that to the company? Then what?
If you can be more specific, that'd be really helpful.
Thanks
Esther0 -
You can use User setup table to restrict the users. For example in CU1 you can add into "CompanyOpen" function add test that there is record for the user in the User Setup table. If not, you can call Error and you are done.0
-
Hi Kine,
Thanks for the reply. But I am still unsure about what to do. You said in CU1 I can add into the 'CompanyOpen' function? What is CU1? And where is the 'CompanyOpen' function?
Sorry I am new to Navision, not familiarize with the short form of the names..In the user setup table, I only see some columns like Allow Posting', 'Allow Posting To', 'Change Contract', etc which let you only to put check marks (to check or uncheck), and then the last few columns are 'Sales Resp. Ctr', 'Purchase Resp. Ctr', 'Service Resp. Ctr', etc. etc.
Thanks in advance for your help.
Esther0 -
Ok, I do not know, if it is task for you if you are beginner in Navision.
1) You need appropriate license for changing codeunit 1 (CU1)
2) CompanyOpen is function in Codeunit 1
3) You need add own field into User Setup table for your purpose. There is no standard field you can use for that.0
Categories
- All Categories
- 75 General
- 75 Announcements
- 66.7K Microsoft Dynamics NAV
- 18.8K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 610 NAV Courses, Exams & Certification
- 1.9K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 251 Dynamics CRM
- 103 Dynamics GP
- 6 Dynamics SL
- 1.5K Other
- 991 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 28 Design Patterns (General & Best Practices)
- Architectural Patterns
- 9 Design Patterns
- 4 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1K General Chat
- 1.6K Website
- 77 Testing
- 1.2K Download section
- 23 How Tos section
- 249 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions