Synchronization doesn't help
Add db_owner to Database role membership
Quickly filling newly created Role with all objects [of certain type]
Add one line for DataTable, ID=0, set all permissions to Yes [and save*]. Click All Objects button, remove all Yes from tables you want to not access to, click OK
[*]you can save it only if you do some change. Changing some permissions to Indirect or empty, move cursor to next line (the line is saved), go back and change the value back. This is shortest way how to create the line for TableData ID=0 with all permissions. It is tricky but it is "the way how it is done".
source: How to set multiple roles for a user?
UPDATE:
Because NAV 2016 does not have "All Objects" button, the best we can do is copy list of objects from Object Designer to Excel and import it using Configuration Package
User can open NAV up to open company but can't open any menu (some error like "don't have access to G/L Setup")
For database in question, make sure that db_owner on Database role membership is checked (SQL 2005)
How security filters on a table are applied:
Same field on one role [more than once]:
Same field on multiple roles: OR-ed
Different fields on one role: AND-ed
Different fields on multiple roles: AND-ed
Among roles assigned to a user, there are two like these:
1st role: Read/Insert/Modify/Delete "Sales Header".Creator = (USERNAME)|''
2nd role: Read/Insert/Modify/Delete "Sales Header".Salesperson = '1010-001'|''
According to explanation above, user should be able to insert (and then modify) Sales Header only when he/she is the Creator and using his/her Salesperson code, but what really happened was that the user was able to create a Sales Header for Customer XYZ (which has Salesperson code '2020-002' assigned to it and that code is automatically inserted to Sales Header)
No comments:
Post a Comment