Office +1 (678) 666-2100
Fax: +1 (678) 666-1997

Search:

Definition of Fields on the Security Setup Window

General Tab

Publish Allowed: Indicates that the Publish Permissions routine can be processed from this company. Only one company in a database can be used to Publish Permissions. This field is tested to make sure that Publish Permissions can be processed from only one Company in a database.

SUPER Role ID: This field is used when publishing permissions from Publish Permissions. The SUPER permission is never removed from the Login that publishes permissions. A Role Detail is not generated for this Role and therefore it cannot be changed.

Include All Summary Permissions: Checking this box causes all objects to be included when Summary Permissions are calculated. Summary Permissions display the combination of all the Roles that a Login has. The Role permissions are broken down by table. By default, this box is NOT checked due to the length of time the calculate Summary Permissions process can take if several logins or several companies are included.

To control which data is included when Summary Permissions are calculated, open the Update Summary Permissions window (Easy Security/Logins and Permissions/Tasks/Update Summary Permissions). Select the boxes of the information that you want to update. The options are: Logins, Windows Groups, Roles, Role Groups, Recordings and Show Status.

When the Summary Permissions routine is processed, Summary Permissions will be calculated based on the boxes that are checked. This feature provides a good source of information to provide auditors. For example, click on a Group ID in the Role Groups window and this displays what each Group ID has access to. The Summary Permissions feature is used mainly for Auditors. Use Manual Calculations IF you have a large number of users.

Manual Update of Summary Permissions: Checking this box prevents the calculation of Summary Permissions when updating Logins. Having this box checked will improve the speed of the Publish Permissions routine when high user counts are involved. Summary Permissions for individual Logins can be processed using the Update Login feature from the Logins window or a Login Card.

Object Range Filter: Set a filter here to limit the number of objects that are searched when the Update Limited License Objects process runs during installation and setup of Easy Security. Some objects are in the 2 billion number ranges. Therefore this routine can take many hours to complete if a filter is not set. The field is editable so custom or add-on tables can be added to the filter. To manually run the process, access the feature from the Security Setup window - Actions/Functions/Advanced/Update Limited License Objects.

Publish Allowed Company Name: Select the name of the Company that is used to publish permissions. This box will be blank in the Publish Permissions Company. This box can only be populated in NON-publish allowed Companies.

Only Recording Allowed: When recordings are made using the Client Monitor, this box is checked to make sure the Company has been set up to make recordings. This box will remain blank in the Publish Allowed Company. The box can only be populated in NON-publish allowed Companies.

Lines to Match in Compare: Enter the number of lines that are required to be equal when running a comparison between files. This value will normally be 1.

Lines to Include in Log: This is the number of equal lines (before and after the changed lines) that will display in the comparison log file. This value will normally be set to 2.

Maximum Lines to Search: Set the maximum number of lines to search when a comparison is processed. Without a value in this field, it is possible that too many lines will get inserted into the Text Line Table during a comparison. If this happens it can take an extensive amount of time to complete the comparison process. It is also possible that the comparison may never complete. When the search feature stops, a simple test is done for the lines that are inserted into the Text Line Table. If this test fails, the rest of the lines will be marked as being different. A good value for this field is 200 to 500. If the maximum line search number is doubled, the length of the search time will increase 4 times.

Allow 0 permissions: Entering a checkmark in this box prevents the question "Insert Permission for 0?" from being asked when a "0" permission is added to a Role, Login, etc. for an object. Adding the 0 permission to anything is a very powerful permission. The 0 permission on an object allows access to all of that type of object. It is highly recommended that this box be left blank so a "0" permission will not be accidentally given for any object.

Allow Blank Company: Entering a checkmark in this box prevents the question "Insert Permission for the "Blank" Company Group?" from being asked when the Company field is left blank when adding permissions to a Role, Login, etc. Adding the "blank" Company to a Role, Login, etc. is a very powerful permission. Adding a "blank" Company to a Role, Login, etc. allows access to all Companies for the Role, Login, etc. It is highly recommended that this box be left blank so access to all Companies is not accidentally given.

Object Level Security Tab

Form Level Security: Checking this box turns on Object Level Security for Forms. If Limit All Forms is NOT checked, the AllFree Role (when updated) will contain the list of unrestricted forms and any forms added to Object Properties will be restricted and removed from AllFree.
Conversely, if Limit All Forms is checked, the AllFree Role will contain only those forms added to Object Properties and all others will be restricted by default.

Limit All Forms: Checking this box limits permission to ALL Forms by default. Forms added to Object Properties will be added to the AllFree Role. Otherwise permissions will have to be given to a Role through creating a Recording or manually.

NOTE: The same definition is valid for the remainder of the "Level Security" and "Limit All" boxes.

All Free Tables Role ID: This is where you designate the Role that includes the Tables that have no execute restriction on them. Logins will have execute access to the objects that are included in this Role when the Role is assigned to them.

NOTE: The same definition is valid for the remainder of the All Free Object fields. A Role must be identified and entered for each Object Type.

Default Permission Tab

Default permissions can be added to objects when records for the objects are inserted in Role Permissions and Role Builder Permissions. The fields on the Default Permission tab are used to establish default permissions for the various types of objects.

For example, if you want the Read Permission to always be given to an object every time that object is added to a Role Permission, set the value in the TableData Read Perm. Default field to Yes. Every time that Table is inserted in a Role Permission or Role Builder Permission, Read permission will be given for the object. If you want the default permission to always be Indirect, then set the field for the specific object to Indirect. If you do not want default permissions for a specific object type, leave the default field blank.

This feature helps keep your system more secure by making you remember to give permission for an object rather than remembering to remove permission for an object.

The more blank fields there are on the Default Permissions tab, the tighter the security is. This is because the only way a Role will get permissions is from a recording or when permissions are manually added.

Restore Point Tab

Default Restore Point File Name: Here you can set up a default path to where Restore Point files should be stored. If you set up the path as shown below using the percent sign and 1 at the end of the file name, the file name will increment by one each time a file is created. This makes each file name unique.



Last Restore Point No.: This is the number of the Restore Point file that was created.

Include Objects in Restore Point: When this box is checked, the Restore Point Process captures a snapshot of the Object Version Code, Object Type, Object ID, Object Name, Object Caption, Exists in Easy Security and Exists in Live information. This information is not used for anything inside Easy Security. It can be used as a developer tool for comparing objects, etc. Use of this feature will cause the size of the Restore Point to increase.

No Parent Permissions in Restore Point: When this box is checked, the Parent Permissions are not captured by the Restore Point feature. This reduces the amount of records that is captured during the Restore Point process by eliminating redundancies.

No. of Restore Points to Keep: Enter the value for the number of Restore Points that you want to retain.

Optimized Publishing: When this box is checked, it improves the performance of updating logins and roles as well as the publishing of permissions. The process has been updated to minimize the amount of writing to the database. This can reduce the amount of time needed for updating by 50%. Customers who used Easy Security before this feature was added will need to check this box manually to activate the new algorithm.

Source Code Analyzer Tab

Source Code Analyzer Enabled: When this box is checked, the Source Code Analyzer is activated. If a full NAV license is not purchased, code changes have been introduced that will allow the Source Code Analyzer to continue to process. In this situation, the Source Code Analyzer will not call the functions that call the codeunits that are not on the license.

Source Code File Name: Here you can set up a default path to where Source Code Files should be stored. If you set up the path as shown below using the percent sign and 1 at the end of the file name, the file name will increment by one each time a file is created. This makes each file name unique.



Create Variables: Is not used by anything inside Easy Security. It is good information for the customer. When this box is checked, variable data is created when the Source Code Analysis is run. This information can be very useful to programmers.

Use Indirect for FlowFields: When this box is checked, additional permissions will be added to the Role Permission and Role Builder Permission for flowfields. To calculate a flowfield you only need indirect read permissions - except for the "count" ones. This feature is used in older versions of NAV.

Add Execute to Factbox on Page: Check this box if you want to add the execute permission to FactBoxes and Pages that are related to a Table. There is NO reason to ever turn this box OFF for a new install. It should always be on. This feature was originally added for use by existing customers of NAV.

Role Builder Tab

Role Builder Enabled: When this box is checked the Role Builder will build the relations among objects based on the results of the Source Code Analyzer. However, it is possible to purchase the basic Easy Security granule 14119010 without purchasing the Role Builder. If the Role Builder granule was not purchased, then this box should be left empty. The basic granule allows groupings of user, company groups, restore points and summary permissions.

Default Recording File Name: Here you can set up a default path and name for Recording files. Here you can set up a default path to where the Source Code Files should be stored. If you set up the path as shown below using the percent sign and 1 at the end of the file name, the file name will increment by one each time a file is created. This makes each file name unique.



Last Recording No.: This field displays the number of the last Recording that was made.

Recording Company Identifier: This field is used to identify the different companies that recordings can be made in. All recordings from the various companies are made using the same Recording Nos. Adding a Company ID for each company identifies which company the recording was made in and it also makes the recordings unique from each company. That way the recordings can be added together into one company if desired by using the Copy from Company feature.

Default Role Detail File Name: Here you can set up a default path to where Role Detail files should be stored. If you set up the path as shown using at the end of the file name (C:\temp\RoleDetail.txt) the number at the end of the file will increment by one each time a file is created. This makes each file name unique.

NOTE: All Roles can have a Role Detail except for the Super Role.

Timer Update Interval: This is the interval in seconds between automatic updating of recorded permissions based on the Client Monitor entries. This timer is set on the Client Monitor to empty the Client Monitor data from the temporary table. The Client Monitor uses a temporary table that has a size limit of 2GB. If the table goes over the 2 GB limit, an error is received. The emptying of the temporary table in a timely manner prevents the error from being received.

Add All Role Builder Permissions: When this box is checked, Object Level Security is used to limit the Role Builder Permissions that are added to a Role. This makes for a more precise system as far as security is concerned. Normally this box will be checked. When this box is unchecked - only Table Data permissions are added to Roles. Unchecking this box reduces the size of the information file that is captured.

Add All Recording Permissions: When this box is checked, Object Level Security is used to limit the Role Builder Permissions that are added to a Role. This makes for a more precise system as far as security is concerned. Normally this box will be checked. When this box is unchecked, only Table Data permissions are added to Roles. Unchecking this box reduces the size of the information file that is captured.

Use Limited License Permission: The Easy Security install process reads all the permissions on the customer license. Marking this box prevents users from gaining more permissions than they should have based on their license. This holds true even if they run on a partner license later. This box is really useful for customers who purchased the Solution Developer granule 7300. Normally this box will be checked.

Add History and Security Permissions: This box should be checked if the Lanham History and Security solution is being run in conjunction with Easy Security. You also need to replace ES Codeunit 14123507 with a special Codeunit 14123507 (ES1.00.47 HM Intengration.fob) that is available in the Easy Security installation files. Adding the special codeunit and checking this box will cause the two products to integrate and work together.

Extend Insert Permissions: By checking this box, the Modify permission will automatically be added to a recording as an extension of the Insert Permission. For example, you are creating a Customer Card recording for a Role. However, the user forgets to modify some information on the customer card so it will be captured by the recording. If this happens, the recording will capture the Insert permission for creating a Customer Card, but will not capture the Modify permissions for the Customer Card. Checking this box will cause the Insert Permissions to extend to also include the Modify Permissions.

If a tight security system is desired, this box should not be checked. Therefore the only way a Role will get Modify permissions is when a modification of the object is done during the making of a recording or the permission is manually added to the Role.

Extend Insert to Delete: By checking this box, the Delete permission will automatically be added to a recording as an extension of the Insert Permission. However the delete code does a host of other functions that will not get picked up unless a true delete is performed. It is recommended to leave this box unchecked and just remember to use the delete function during the making of a recording.

Add Related Permissions: When this box is checked, relations from the Relations Table will be added to the permissions if the Origin for the permission in the Role is Recorded. All TableData required for Table Relations and Flowfields will be added with Ready permission. This allows for easier recording of Role Detail when all lookups do not need to be used and flowfields are calculated.

If a tight security system is desired, this box should not be checked. Therefore the only way a Role will get Modify permissions is when a modification of the object is done during the making of a recording or the permission is manually added to the Role.

Role for Both Clients: When this box is checked permissions for both Forms and Pages are created during a recording. This means recordings made from the RoleTailored Client will also work in the Classic Client and vice versa. This allows for easier recording of Role Detail when using just the Classic Client or the RoleTailored Client.

Keep Imported SQL Trace Data: If this box is checked, SQL Profile Trace files will be maintained instead of deleted. These files can be used for debugging or testing purposes.



Like   Don't Like

© 2017 Mergetool.com. All rights reserved.



Related resources

Download software from Mergetool.com