Navision 2009 R2: nav users, roles and sql application roles

StackOverflow https://stackoverflow.com/questions/17487924

  •  02-06-2022
  •  | 
  •  

Question

I see Navision uses SQL application roles to manage user permissions to select, insert, delete data in its tables.

I see that for each navision user, exists a SQL database user with the same name.

Relation between nav roles and sql aplication roles is not direct. It seems there are as many SQL application roles as diferent sets of nav roles are applied to all nav users.

Anyway I guess there is some place where it is stored which SQL application roles each user must use. Do you know where it is stored this info? The SQL application roles names are a litlle criptic... Do they have some meaning?

Was it helpful?

Solution

Well "enhanced" is strange mechanism. As it mentioned here it has a "activation mechanism" for application roles and almost no documentation (even on administrating level).

As far as I understand this is the way it meant to be used: you enable enhanced level and administrating users and their roles in Nav, after that you develop (or use) third-party application that uses Nav data through SQL Server directly (loosing all business logic of course). In this case you can use same user credentials both in Nav and in the application and have same access level to the data (and same restrictions). But this does not mean you can manage permissions outside of Navision. Moreover because of mentioned "activation mechanism" the only place to manage security is classic client.

In case of standard security application user will have SQL-managed set of permissions and Nav user will be restricted by Nav Roles. And be the happiness.

OTHER TIPS

If you are using Database Logins, then the logins are validated against those stored in the database. Windows logins are managed by the domain and a validated in the Active Directory during login. In both cases individual table insert/update/rename/delete permissions are set in NAV under a NAV 'role' (Tools > Security > Roles).

Classic Client

If a user needs access to the classic client, a group or user could be used in SQL to give the dataread, datawrite SQL roles.

Role-tailored Client

NAV 2009 R2 is in the three-tier architecture, so if you're using RTC, you should make sure your service tier account has access to the SQL database, but apart from that permissions for individual users are managed from the Classic Client (Tools > Security).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top