You create roles with the Classic client. If the default roles that are provided in the Classic client and the supplemental roles that you can import are not sufficient, then you can create new roles.

To modify a role, navigate to the Permissions (All Objects) window for the role, and then modify the permissions as needed.

Creating a Role

To create a new role with the Classic client

  1. Click Start, and then click Microsoft Dynamics NAV 2009 Classic with Microsoft SQL Server.

  2. On the Tools menu, point to Security, and then click Roles.

  3. On the Edit menu, click New to create an empty line on which to create the new role.

  4. Type an ID for the new role in the Role ID field and a description for the new role in the Name field.

  5. Press TAB to enter the new role in the security system. The roles are then ordered alphabetically by the Role ID field.

  6. Click the role row to select it.

  7. Click the Role button, and then click Permissions to open the Permissions window.

  8. Click All Objects to open the Permissions (All Objects) window for the role.

  9. Type or select the word Yes for all permissions that you are granting this role.

    You can also assign a value of Indirect. For more information, see the "Indirect Permission" section.

  10. Create any security filters that you want to apply to the permissions that you have assigned to the role.

    For information on security filters, see "Installation & System Management: SQL Server Option for the C/SIDE Client" (w1w1isql.pdf). This file is available from the Microsoft Dynamics NAV 5.0 Developer and Installation Guides page in the Microsoft Download Center.

  11. Click OK in the Permissions (All Objects) window.

    The role is now defined.

Indirect Permission

The values for table permission are Yes, Indirect, or blank, which indicates no permission. You can use indirect permission to use an object only through another object.

For example, a user can have permission to run codeunit 80, Sales-Post. The Sales-Post codeunit performs many tasks, including modifying table 39, Purchase Line. When the user runs the Sales-Post codeunit, Microsoft Dynamics NAV checks whether the user has permission to modify the Purchase Line table.

  • If not, then the codeunit cannot complete its tasks, and the user receives an error message.

  • If so, the codeunit runs successfully.

However, the user does not need to have full access to the Purchase Line table to run the codeunit. If the user has indirect permission for the Purchase Line table, then the Sales-Post codeunit runs successfully.

When a user has indirect permission, that user can only modify the Purchase Line table by running the Sales-Post codeunit or another object that has permission to modify the Purchase Line table. The user can only modify the Purchase Line table when doing so from supported application areas. The user cannot run the feature inadvertently or maliciously by other methods.

See Also