Related Items

Tuesday, November 29, 2016

Navision Permission Set Security Hole

In Navision we can create user profile for every users. Let say you create a user profile named PURCH-PR which you copied it from profile Purchasing-Agent. In the PURCH-PR you remove menu for Item Card ( Item Master ).   


After you assigned the PURCH-PR profile to one user, if that user login into the NAV system, It seems he/she can not open the Item Card menu, because there is no menu for item card under the tree Home or under the tree PostedDocuments.  Even if he/she tried to type Item on search box on the top right of the screen, It won't drive you to the menu Item Card.

in Fact the user still able to access the Item Card menu from the Purchase Request line menu, there is a link NEW. If the user click that link, It will show the Item Card menu, see the capture screen below.


if the user clicked link New, the system will open the Item Card Menu and the user can entry data on that menu.


Probably you want to block for the user you assigned PURCH-PR profile from entering a new data in the menu Item Card by setting of permission sets for that user, eg. you assigned permission set INVT-ITEM-REGISTER ==> read item registers. You hope, if the user still able to see the menu for Item card you will make it read only.

After setting the permission set, then you ask user to logout and login again. Then this permission set does not have any impact at all, the user is still able to entry data in Item Card master. It is very funny....:)







No comments:

Post a Comment