This topic explains how to ensure that TestUser can only post entries in the General Journal that refer to the Administration department. You will need to ensure that the Department Code field is visible in the General Journal window.

Posting an Entry in the General Journal

To post an entry in the general journal

  1. Log on to the database as TestUser, open the General Ledger, and then click General Journals to open the General Journal window.

  2. In the Batch Name field, select CASH and enter the information that you want to post. Remember to select ADM in the Department Code field.

    If the Department Code field is not visible, click View, and then click Show Column to open the Show Column window. Select the Department Code field.

  3. Click Posting, Post (F11) to post the entry. You receive an error message informing you that you do not have read permission to the G/L Entry table.

    This occurs because each time you post a new entry it must be given a unique ID. Before this ID can be created, the ID of the last record in the G/L Entry table must be known. If the last entry in the table is not part of the ADM department, TestUser is not allowed to read it. If the last record is part of the ADM department, TestUser would be able to read it and would not receive this error message.

    To resolve this error, you must give TestUser indirect read permission to the entire G/L Entry table as described in the following procedure.

To give the user indirect read permission

  1. Log on to the database as the administrator.

  2. Create a new role that only contains permission to indirectly read from the G/L Entry table.

  3. Assign the new role to TestUser.

  4. Synchronize the security system.

  5. Log on to the database as TestUser and try to post the entry again.

    Unfortunately, you receive the same error message that you do not have read permission to the G/L Entry table. This occurs because the functionality of the form requires it to run a few codeunits and one or more of these codeunits needs to be able to read all the records in the G/L Entry table. To identify which codeunits are causing the error, you must use the Debugger to debug the code as the form is run.

    You must therefore give TestUser permission to run the Debugger.

  6. Create an extra role that only contains this permission and give it to TestUser.

  7. Remember to synchronize the security system after altering the permission system.

See Also