Deploy NAV Security Roles easily
One of the areas that company project managers often miss in the later stages of deploying a new ERP solution is setting up user security. As an ERP database contains sensitive data such as financial performance, customer price lists, suppliers, and trade secrets, compromising on data security can be very risky and leave a company in a vulnerable state
What are NAV Roles?
Microsoft Dynamics comes with standard NAV Roles that can be easily deployed for each user. A role is a set of permissions for a set of objects in the database. The names of the roles correspond to the tasks, such as viewing customers, posting orders, editing items, etc.
How do I begin?
The first step in deploying NAV Roles to each user is to understand the basic permission structure of the NAV default roles. Role permission can be categorized in four areas:
1. View permissions
2. Edit permissions
3. Posting permissions
4. Permissions related to setups and periodic tasks
For example, a typical CSR will need to view customers (View permissions). However, perhaps only the head supervisor is allowed to insert and edit customers (Edit permissions). For sales order processing, a CSR will need to create new sales orders (edit permissions) and post invoices (posting permissions). Once you understand NAV Roles and their structure, my recommendation is to create a very simple excel spreadsheet (example below) to outline each user and their tasks per functional area i.e. General Ledger, Sales and Receivables, Accounts Payable, etc.
Once this spreadsheet is finalized, the task of assigning roles to users will be more efficient. All security setups must be done in the NAV classic client. Go To: Tools> Security> Windows Logins. The first step is to add the user to Windows Logins. Once the user is added to Windows Logins, access ‘Roles’ from the menu at the bottom of the form. Note that at least one user must be assigned the SUPER role.
Once this has been completed, you can begin to assign roles to the remaining users. All users must have the ‘ALL’ role and ‘BASIC’ role for RTC. (For RTC you will need to import RTC roles. See White Paper Permission for Sample Roles).
Below are the standard roles for Sales & Receivables processing. Notice that there are two roles related to customers – S&R-CUSTOMER AND S&R-CUSTOMER, EDIT. The S&R-CUSTOMER will only allow viewing of customers and ledger entries whereas S&R-CUSTOMER, EDIT will allow the user to create and modify customer records. As per sales order processing, there are two roles related to entry of sales orders (S&R-Q/O/I/R/C) and posting of sales orders ((S&R-Q/O/I/R/C, Post).
Once you have setup a user in a specific department, you can copy and paste their roles into another user, and then make updates if there are slight differences in their security permissions.
Roles assigned to user
What is synchronization?
The essence of the security system for SQL Server Option is the synchronization process. This process ensures that the information contained in the NAV security setup corresponds with the information in the SQL Server security system. SQL Server database users contain permissions that the users have to the database objects.
Every time changes are made to NAV security, such as adding new users, updating user roles, or creating new roles, synchronization of the security system is required. To synchronize NAV security, go to: Tools > Security? Synchronize.
For security changes to single users, you can use Synchronize Single Login, as this is much faster.
Written: by Mark Stept