How To Use Summary Permissions to Verify Login Permissions

Overview: This walkthrough explains how to use the Summary Permissions feature to verify the permissions that Logins/Windows Groups/Roles/Role Groups or Recordings have to the objects in NAV. Summary Permissions display the combined set of permissions per table for the selected entity (Login, Role Group, etc.)

1) From the Logins and Permissions menu, open the Update Summary Permissions window. This window provides the options that are available when updating Summary Permissions. Enter a checkmark in the field(s) that you wish to update Summary Permissions for. Then click Update. If the Show Status field is checked, one or more messages will be displayed depending on which option fields are checked.

2) Open the Logins list and highlight a Login. Our example uses the Database Login for Susan. Click on the Login line you wish to view and then click on Summary Permissions.

3) This opens the View Summary Permissions window. As you can see from the information provided, Susan has only R (Direct Read) permission to the Vendor Ledger Entry TableData (Table 25) in CRONUS North America and CRONUS Europe. This means the only thing that Susan can do with the Vendor Ledger Entry table data is Read it. She cannot post to the table or edit the data in the table. This is the type of information that auditors are interested in. You can use the Summary Permissions information to provide auditors with permission information for one or all of the options that are on the Update Summary Permission window.

4) From the View Summary Permissions window, you can remove the filter for Susan and view the permissions for all the Logins. Notice that Susan has 0 TableData permissions for the CRONUS Mergetool Company. This means Susan has permissions to all the TableData in the CRONUS Mergetool Company.

5) Open the Login Card for Susan and click on Update Login. You can see that she has 33 Roles and 77 Summary Permissions. Click OK to close the message.

6) Open the Edit Object Properties window from the Logins and Permissions menu. Add a line for TableData 36 (Sales Header) and enter a checkmark in the Object Level Permissions field for the new line. Close Object Properties.

7) Return to the Login Card for Susan and run Update Login. This time the message shows that she has 33 Roles and 79 Summary Permissions. She now has 2 additional permissions than she had before. Click OK to close the message.

8) From the Login Card of Susan, click on Summary Permissions to open the View Summary Permissions window. The information now shows the two extra permissions that Susan has to TableData 36. Susan has RIMDE access to TableData 36 (Sales Header TableData) for CRONUS Europe and CRONUS North America.

The Summary Permissions feature can provide the access information that a Login has to any object in NAV. All you need to do is add the Object to Object Properties, enter a checkmark in the Object Level Permissions field, update the Login and view the Summary Permissions for the Login.

9) However, you can calculate the Summary Permissions for all the objects in NAV by entering a checkmark in the Include All Summary Permissions: field on the General Tab of Security Setup. Security Setup is found under the Administration section of the Logins and Permissions menu.

By default this field is not checked, since running Summary Permissions for all objects in all companies for all users could take a considerable amount of time. For example, if you have 3 companies with 5,000 objects in each company, this would be 15,000 possible object permissions per user. It is easy to see that the numbers could add up quickly and that it could take a considerable amount of time for the Summary Permissions calculation to complete.

10) Conversely, if you enter a checkmark in the Manual Update of Summary Permissions: field, no Summary Permissions will be calculated at all. Checking this box will improve the speed of the Publish Permissions routine when high user counts are involved.

11) This can be tested by entering a checkmark in the Manual Update of Summary Permissions: field and updating the Login for Susan. The message now reports that Susan has 33 Roles but 0 Summary Permissions. That is because the checkmark entered in the Manual Update of Summary Permissions prevented any Summary Permissions from being calculated.

12) You can set filters for specific Objects to view the type of access that Logins, Roles, Windows Groups, Role Groups and Recordings have to the Objects. For example, a filter for Object Type of TableData and Object Range of 0|17 has been set in the View Summary Permissions window.

If you set an object number filter, always remember to include 0 in your filter. The 0 filter shows if the Login has any access controls that give access to all tables, such as Super (Read), Super (Data), etc. If you use only the Object Number(s) you are interested in (such as TableData 17 in this example) you would never know that Susan has(TableData 0)access to ALL TableData in the CRONUS Mergetool Company.

NOTE: If a login has been assigned Super Role permissions and also has some individual Roles assigned to it, the Super Role permissions override the individual Role permissions. This means NO individual permissions will be displayed for the individual Roles.

Like   Don't Like

© 2024 All rights reserved.

Related resources

Download software from