Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 262 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 992 SQL General
- 385 SQL Performance
- 33 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
Permissions in NAV2013/How to restrict access to pages
BGR
Member Posts: 8
I have a situation when I need to set up permission for a user. Hi is allowed to post to GL account but is not allowed to see GL entries. I need to restrict an access to GL entries page.
How can I do that?
How can I do that?
0
Comments
Give that table a look and see if it can help or not
You should not grant permission on an object level, but rather on a data level. That is, grant permissions on tabledata objects only, just as the standard does. System (pseudo-)objects are exempt from this rule.
In your case, use indirect permissions, so he can access the relevant data by using other objects (namely the posing codeunits), but not see or manipulate the data directly on pages.
Object type - Table data
Object no. -17
Read permissions - Yes
Insert permissions - Indirect
Modify Permissions - Indirect
The user can post Sales/Purchase invoice (which is good) and can see GL entries (which is NOT good)
If I change Read permissions to Indirect the user can't see GL entries (which is OK) but he can't post Sales/Purchase invoice (which is not OK)
The questions is how to setup permissions to allow the user to post sale/purchase invoice but do not let him to see GL entries???
If permission is required to calculate flow fields, you might consider editing the permission property of the table containing the FlowField.
Assuming it's okay for them to see amounts on the G/L Account card / Chart of Accounts and you just need to limit the ability to see the specific G/L entries, the steps (at a high level) are as follows:
- From the ALL or BASIC role (Depending on the version) remove permissions for Page 0 (Form 0 if you're on an older release or non-RTC) and Report 0
- Use the All Permissions action (if you're on NAV 2013+) to add all pages and reports to the role (if you're on an older/Classic release, drill up to the object list and select/copy all forms and reports, then paste them back into the role) and give execute permission
- Remove the sensitive pages/reports/forms
- i.e. Delete the General Ledger Entries page permission
- Also delete permission to reports that show G/L entries, like the G/L Register and Trial Balance Detail/Summary
http://www.epimatic.com
As a coincidence, we had to look at something along these lines (not quite the same, but similar) for a client this week. They are on NAV 2009 so this may not cover it all, but I searched for reports with a G/L Entry data item so we could remove permissions for those. There are a few we didn't worry about (related to consolidations), but the report IDs were: 4, 35, 86, 91, 10009, 10010, 10019, 10021.
Also keep in mind that if the customer has Analysis Views set up, you may need to block those pages and related reports from being accessed as well.
http://www.epimatic.com