Permissions in NAV 2017

  • Dynamics Business Central (NAV)

    Permissions in NAV 2017

    Posted by DSC Communities on October 24, 2017 at 11:25 am

    • Traci Albosta

      Member

      October 24, 2017 at 11:25 AM

      We are using NAV 2017.Ā  I have been told that it is “bad” to give all of your users SUPER permissions.Ā  I am attempting to set up my production department with the permissions necessary to do their job.Ā  I have started by giving them every permission associated with INVT, MFG, P&P, WM as well as BASIC and FOUNDATION.Ā  Now my Production Manager cannot make an Item Journal entry because of the following error : You do not have the following permissions on Table Data G/L – Item Ledger Relations: Insert.Ā  I have added the ability to read G/L account schedules, Read G/L accounts and entries and read G/L registers.Ā  I have also tried adding the ability to edit all of these.Ā  Nothing allows him to post the Item Journal.Ā  Any suggestions?Ā  I still need to set up the other departments, but am trying to get Production to work first.Ā  Thanks for any help you can offer.

      ——————————
      Traci Albosta
      Comitt Well Solutions LLC
      Katy TX
      ——————————

    • Kim Dallefeld

      Member

      October 24, 2017 at 11:30 AM

      My recommendation is to setup a permission set for your Company, maybe something like CWS-MFG. Then add ‘indirect’ permission for the G/L Item Ledger Relations table. You might need other company specific permission, so create your own permission sets as needed and add to them to get your permissions as desired.

      ——————————
      Kim Dallefeld
      NAV Consultant
      Past NAVUG Chair
      NAVUG Programming Committee
      Ft Worth, TX
      Kim@Dallefeld.com
      ——————————
      ——————————————-

    • Aaron Brown

      Member

      October 24, 2017 at 7:00 PM

      Have you tried using the permissions recorder feature available in 2017?Ā  Ā Using this tool, you can then a super user perform a transaction.Ā  You can then review all of the permissions they needed to perform that transaction and use those to set up a specific job function permission set.Ā 

      Here are some links for using the permissions recorder:

      Record Permissions: How to create user permissions by recording permissions automatically in Microsoft Dynamics NAV 2016: Microsoft Dynamics Nav 2016 tutorial – Microsoft Dynamics NAV Community

      How to Use the Permissions Recorder in Dynamics NAV 2017
      Ā 

      ——————————
      Aaron Brown
      Director of Finance
      Oregon Ice Cream
      Camas WA
      ——————————
      ——————————————-

    • Ashley Russell

      Member

      October 25, 2017 at 8:18 AM

      Hi Traci,

      First – it is definitely a good practice to limit permissions in NAV.Ā  This can be a difficult and time consuming process.Ā  What you are doing is good though – add the minimum and then add a few permissions at a time as needed.Ā 

      We are on NAV 2016.Ā  We created a copy of BASIC where we added any additional permissions needed and custom object permissions.

      We added Indirect permissions to the G/L – Item Ledger Relation under our custom BASIC permission set. (For anyone posting transactions, this seemed to be necessary – thus we added to BASIC).Ā  Since it is indirect, no one will be able to do anything directly to that table.

      In other cases you may want to make a custom permission set if the permission error is more narrow or specificĀ to a certain area.Ā  In this case though – G/L – Item Ledger Relation will be needed in many areas.

      (I accidentally also sent this to you in a message).

      ——————————
      Ashley Russell
      Business Project Manager
      LBX Company LLC
      Lexington KY
      ——————————
      ——————————————-

    • Liz Piteo

      Member

      October 25, 2017 at 1:50 PM

      Hi Traci!Ā 

      Yes, generally it is a bad idea to give every user SUPER permissions.Ā  You would want to limit users to have access to permissions that are in line with their job functionality in order to limit any potential risks to your system whether intentional or unintentional.Ā  Also, auditors don’t like SUPER users very much – they get very persnickety about that.

      The permissions recorder is a great tool and this is a good blog post that gives some detailed info about it.Ā  There are also a link in there to Best Practices for Setting Up Security in NAV which has some useful information.Ā Ā 

      How to Use the Permissions Recorder in Dynamics NAV 2017

      Gofastpath remove preview
      How to Use the Permissions Recorder in Dynamics NAV 2017
      Also Recommended: Best Practices for Setting Up Security in NAV The release of NAV 2017 includes many new things and improvements. If you want to read about what’s new you can check out this blog: New in NAV 2017. The improvement we are most excited about can be found in the permissions recorder that makes setting up permissions even easier.
      View this on Gofastpath >

      ——————————
      Liz Piteo
      Director of Sales
      Fastpath
      Coral Springs FL
      ——————————
      ——————————————-

    • Holly Kutil

      Member

      October 25, 2017 at 2:36 PM

      We set up permissions for every department including Executives.Ā  Those permissions are copied into a user profile based on their jobs.

      We have the following permission sets:
      OWNERS
      ACCOUNTING
      PURCHASING
      QUALITY
      SALES
      WAREHOUSE

      As director of business intelligence, I have an admin account with super user permissions.Ā  This is not the account I use for my daily routine, but one I log into when necessary.

      Our partner created a spreadsheet of all the permissions we have set up, so when someone gets an error regarding not having permission, I can easily go to the spreadsheet filter on the area they are getting blocked and make necessary adjustments quickly.

      It was quite the job getting them all set up, but they are great to have in place now!Ā  The set up has made it very easy to role out and make any necessary adjustments.

      ——————————
      Holly Kutil ~ NAVUG All-Star
      American Ring/Business Intelligence Dir.
      Solon, OH 44139
      **Great Lakes Chapter**
      ?? Women In Dynamics ??
      ——————————
      ——————————————-

    • Mark Rhodes

      Member

      October 25, 2017 at 3:42 PM

      Traci, be sure to check out the on-demand learning in our webinar recordings.Ā  We’ve done many webinars over the years on security since this can be a tricky area.Ā  Best practices and several others are out there – go to Learn & Engage on the left menu, then Webinar Recordings, then Browse by Topic.Ā  You’ll see the Security filter right there.Ā  Good luck!

      ——————————
      Mark Rhodes
      General Manager, NAVUG
      Dynamic Communities
      Windsor CO
      ——————————
      ——————————————-

    • Anthony Darden

      Member

      October 26, 2017 at 8:08 AM

      Hi Traci!

      As most have commented on and I agree with 100%, SUPER user permissions should be avoided for all users.Ā  It’s a great starting point to help chip away at what someone does until the permissions are properly set, but auditors will chew you up and there will be mistakes made by wandering users within the system. Ā 

      The permissions recorder is a great tool and certainly worth exploring, but if you have users that wear many different hats within your organization and/or you require extra granularity with permissions, I recommend taking a look at Mergetool’s Easy Security – we have been using them for a few years now and have all the flexibility we need.

      Thanks,

      Tony

      ——————————
      Anthony Darden
      Director of IT
      Protective Industries, Inc.
      Buffalo NY
      ——————————
      ——————————————-

    • Mathew Ealy

      Member

      October 26, 2017 at 8:09 AM

      We used an add on called Easy Security that helped us build profiles, we then built profiles by job function and applied them to the users performing those job functions. It made life much easier in that you could “record” the job function and it would use sql profiler to capture the permissions needed.Ā 
      With permissions like all computer security least needed is the current best practice.

      ——————————
      Mathew Ealy
      Nav Support Specialist
      Rentokil N. America
      Reading PA
      ——————————
      ——————————————-

    DSC Communities replied 7 years, 10 months ago 1 Member · 0 Replies
  • 0 Replies

Sorry, there were no replies found.

The discussion ‘Permissions in NAV 2017’ is closed to new replies.

Start of Discussion
0 of 0 replies June 2018
Now

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .

Welcome to our new site!

Here you will find a wealth of information created for peopleĀ  that are on a mission to redefine business models with cloud techinologies, AI, automation, low code / no code applications, data, security & more to compete in the Acceleration Economy!