User security in Navision 2017
Introduction:
In Navision, user security can be achieved by assigning different permission sets to users. Permissions can be assigned to users according to their role. A collection of database permissions for one or more objects in the Microsoft Dynamics NAV database that you can assign to one or more users is known as a Permission Set.
In this article, we will be creating a user who will have access to Items, Customers and Sales Orders only. Everything else present in the UI will be hidden from this user.
Prerequisite:
Microsoft Dynamics Navision 2017
Purpose of the setup:
Our goal is to create a user with limited permissions. This user will have access to only Items, Customers and Sales information.
Steps:
- Create new permission sets which includes access to only those objects i.e. tables, pages, reports, codeunits, etc. which the user has access to.
- A new user is created. The newly created permission sets are then assigned to this user.
- This will ensure that the user does not have permissions to access any other tables, pages, reports or any other objects which are not mentioned in the above newly created permission sets.
- Now these UI elements which the user does not have access to should not be visible to the user.
- Microsoft Dynamics NAV can be configured to show and hide user interface (UI) elements based on the license or the user’s permissions to the underlying tables. All elements, fields, actions, and page parts, can be removed from the user’s view of Microsoft Dynamics NAV.
- Depending on the setting in theUI Elements Removal field in the Microsoft Dynamics NAV Server Administration tool, only UI elements on objects in the license or on objects that the user has permissions to will appear in the user interface.
- LicenseFileAndUserPermissions should be selected for the UI Elements Removal field in the NAV Server Instance. This ensures that a UI element is removed if the related object is not included in the license file and the user does not have permissions to the object as defined in the AccessByPermission property for the related UI element.
- To make full use of theLicenseFileAndUserPermissions option in the UI Elements Removal field, it is recommended that you assign the special permission set, FOUNDATION, along with the relevant permission sets that define which application objects the user will access.
- AccessByPermissionproperty can be used to remove the element which should not be visible to the user. This Property Applies to Fields in tables (affecting all related fields on pages), Fields on pages, Actions on pages, MenuSuite items, Page parts, such as a Lines FastTab.
- To remove a UI element ‘Permission set’ from the visibility of the above created sales user, go to the MenuSuite. Navigate to the ‘Permission Sets’ under General section of Administration in the MenuSuite.
- Go to the properties of ‘Permission Sets’
- Select the ‘Access By Permissions’ property. Choose the AssistEdit button in the Value field.
The fields which are required to be selected are:Object Type – Specify the type of object to which permission is required for the UI element to be visible.
Object ID – Specify the object to which permission is required for the UI element to be visible.
Read – Specify if Read permission is required for the UI element to be visible.
Insert – Specify if Insert permission is required for the UI element to be visible.
Modify – Specify if Modify permission is required for the UI element to be visible.
Delete – Specify if Delete permission is required for the UI element to be visible.
Execute – Specify if Execute permission is required for the UI element to be visible.
Hence, ‘Permission Sets’ will be visible to the user in the front end only if he has access to read the Permission Set table. In this scenario, Permission sets will not be visible to the user.
Conclusion:
Thus, using UI elements removal feature and Access By Permissions property, UI elements can be hidden from the user’s visibility. Different permission sets can be created for different users with limited permissions.