Easy Security: Role Builder versus manual Maintenance of Role

Roles should be maintained as small tasks to allow for easily modifying and adding permissions when new customizations or add-ons are added to the database. Using a recording for a change in process, a small Role can easily be updated.

The 0 permissions for objects should not be used in many different roles. This permission is so powerful that trying to control object level permissions when this is scattered in many different roles is very difficult.

If a role is created to be a complete set of permissions that a user needs for doing all the work in a day, several roles will be created for each type of user in a company. This will turn into a nightmare for maintenance, because hundreds or even thousands of permissions are repeated again and again in each role. The Role Groups should be used instead to maintain this by building a Role Group with multiple smaller Roles.

If a new customization or add-on is added, a small recording can be created with the changes. This recording can then be added to the Roles affected by the changes. In this way it is easy to track changes and even reverse permissions added if a mistake happens.

Using Security Filters with Easy Security is no different than in base NAV. There are some limitations of the implementation in NAV. Permissions are always added, which will cause a Security Filter to be removed if permissions to the same table are given from another role. This makes it very hard to use for tables like G/L Entries or similar, where permissions are given from many roles.

A Security Filter is normally also user specific, but the setup within a Role makes it unavailable by user. This will cause a lot of very similar roles to be created based on different Security Filters needed.

Field Level and Data Security supports this in a much better way than what Security Filters can be used for.

Like   Don't Like

© 2024 All rights reserved.

Related resources

Download software from