Applying security filters in situations where the functionality involves running one or more codeunits is quite difficult. For example, in a posting procedure the security filters are applied to the user and must then be supplemented with indirect read permissions at the user level and object level.

Setting Security Filters

The following example demonstrates how to set security filters that limit the permissions that a user has to certain functionality and illustrates the complexity of this process.

This example shows a user who can post in the G/L Journal. The user has been given the following roles.

Role Description

All

All users

G/L-Journal

Create entries in G/L journals

G/L-Journal, Post

Post G/L journals

Payment Terms

A role created for this example that gives access to the Payment Terms table.

The first three roles are standard Microsoft Dynamics NAV roles. The last role is a new role that has been created for this example. For this example, a user called TestUser has been assigned these roles.

NoteNote

To complete this example you must be able to log on as two different users—TestUser who wants to post in the G/L Journal and an administrator who modifies the roles and permissions that TestUser has been assigned. The administrator has been given the SUPER role. It is also important to remember that TestUser must log off and log on every time the administrator modifies the permissions.

In this scenario, you only want TestUser to be able to post entries that relate to the Administration department (Global Dimension 1). You must therefore apply security filters to the roles you have given TestUser. You must apply these filters to all the roles that give TestUser permission to access the G/L Account and G/L Entry tables.

See Also