mibuso.com
Home SQL General
Options

permission problem in Navision

kAsokAso Member Posts: 13
edited 2007-04-11 in SQL General
Hi,

I'm new at Navision and i've just started to configure it to the users. When i've created the logins from active directory i've given the C/AL programmers the super user role. On the sql server i gave them the db_owner role and when they are trying to add the new codeunit or some other code they receve the error message that they don't have the permissions to complete the action.

The other question is what role in Navision i have to give to all users just to "walk" trought Navisin. The all role is not enough because they recive the error that they do not have the permission to read the Object from the database. On the SQL server the are in public role. It seems that i need to grant everybody the db_owner role in SQL server... This doesn't seems normal...

Thanks...
... never stand between the dog and the tree ...

Comments

  • Options
    kinekine Member Posts: 12,562
    1) Which version of NAV you are using
    2) Which version of MS SQL you are using
    3) Permissions to create objects etc. depends on the used Lciense file.
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • Options
    nunomaianunomaia Member Posts: 1,153
    The All Role should be enough. Are you using DB authentication or Windows authentication?

    Witch Navision, SQL version are you using?
    Nuno Maia

    Freelance Dynamics AX
    Blog : http://axnmaia.wordpress.com/
  • Options
    kAsokAso Member Posts: 13
    kine wrote:
    1) Which version of NAV you are using
    2) Which version of MS SQL you are using
    3) Permissions to create objects etc. depends on the used Lciense file.

    NAV 4.0 SP2,
    MSSQL 2000,
    Licence file is full (everything is ok)...

    I'm using the windows autentification and one database autentification because is say's that security is starting to work when you add the firs database login for all the companies... Other than that we don't need it.

    Also some changes ... the programers can change the existing code but they cannot add the new one ...
    ... never stand between the dog and the tree ...
  • Options
    kAsokAso Member Posts: 13
    nunomaia wrote:
    The All Role should be enough. Are you using DB authentication or Windows authentication?

    When the user have the all role and public on SQL server he can't login into the navision. When i change the role on SQL Server he can login in Navision. As i said it looks like he has to be the db_owner to use the NAvision. This is very big security risk.... It doesn't seems normal...
    ... never stand between the dog and the tree ...
  • Options
    nunomaianunomaia Member Posts: 1,153
    Have you defined the permissions in the extended stored procedure?
    Nuno Maia

    Freelance Dynamics AX
    Blog : http://axnmaia.wordpress.com/
  • Options
    kinekine Member Posts: 12,562
    1) If you have permissions problem with codeuits, there are two possibilities:
    a) You are trying to save the codeunit into ID range outside allowed range (50000..99999, exact range depends on used license - end-user, partner etc.)
    b) The modified codeunit have object permissions to some table for which you have not enough permissions
    2) I recommend to use SP3 and standard security model
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • Options
    kAsokAso Member Posts: 13
    nunomaia wrote:
    Have you defined the permissions in the extended stored procedure?

    How do i do that. I've never read about this. How could this be only for few things. Does this answer is for all role question or for the super role problem.

    Don't know how to i cannot have enought permission because everybody is in the superuser role.

    Another question: what role i have to give to the users if they will only enter data and edit them i the form. Do they have to be in all role and also in the role of the foms they neeed access and teble thet they nead access... Okey if this is true what role they have to be in the SQL Server... As i've tested they have to be in the db_owner role. Is this true...?
    ... never stand between the dog and the tree ...
  • Options
    kAsokAso Member Posts: 13
    Also can you recomend me some book about the roles and security in navision. As i see the biggest problem to me is the configuration of permissions in the SQL option. I've read the materials requred for the exam but the security section is very poor.

    Book, e-book, video, white paper.... anything?? Appreciate the effort..
    ... never stand between the dog and the tree ...
  • Options
    kinekine Member Posts: 12,562
    Kaso, I recommend to read the w1w1isql.pdf document and Navision - Security Hardening Guide.pdf to find out more about security in Navision. You need to clear some things.
    Kamil Sacek
    MVP - Dynamics NAV
    My BLOG
    NAVERTICA a.s.
  • Options
    kAsokAso Member Posts: 13
    kine wrote:
    Kaso, I recommend to read the w1w1isql.pdf document and Navision - Security Hardening Guide.pdf to find out more about security in Navision.

    That is exactly what i was looking for... Thx.. I'll get right on it... The exam materials are so pure with informations...

    btw. The solution with codeunit is solved... Looks like that we always add the same number of codeunit (stupid) and the Navision was giving us an error that we don't have permissions. Thx.
    ... never stand between the dog and the tree ...
  • Options
    krikikriki Member, Moderator Posts: 9,090
    [Topic moved from Navision forum to SQL General forum]
    Regards,Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!

Sign In or Register to comment.