How To Set Up Object Level Security

Overview

Video: Object Level Security (9:54)

In some cases it may be necessary or desirable to restrict users from accessing certain forms, pages, reports or other objects in NAV even when the user permission sets permit access to the data. For example, a user may need to enter Sales Orders and Invoices and therefore has a permission set with permission for Sales Header and Sales Line. However, what if you want to deny the user the ability to enter Sales Credit Memos? This would be impossible to do with a standard NAV security setup, because Sales Credit Memos utilize the same tables as Orders and Invoices. That is where Easy Security Object Level Security comes in.
This document shows an example of how this powerful tool can be quickly and easily setup to restrict access to certain pages in NAV.

Example

First, in Easy Security, Security Setup, go to the Object Level Security tab.

Forms, Pages and Codeunits are not limited by default, so all of these objects are included in the permission set called "ES_TECH_ALLOBJFREE". The intention here is to have a standard permission set which can be assigned to all users allowing access by default to the objects in the system that you do not care to restrict.

Reports, Dataports and XMLPorts are conversely limited by default. The "ES_TECH_ALLOBJFREE" permission set will not contain permission to these object types unless they have been explicitly set up in Object Properties, as we will show momentarily.

Click on Object Properties in the Action pane.

During the initial install of Easy Security, the limited license objects were added here automatically.

For our Sales Credit Memo example, we need to add the pages here that allow access to the credit memo pages so that we can "turn on" Object Level Security for those objects.

Click on Add from Relations

We could have added the pages manually, but this option allows for applying filters and adding multiple objects at one time.

Filter on Object Type Page, Relation Object Type TableData, and Relation Object ID 36|37

Highlight/Select pages 44 and 96 and then click Add Selected to Limited Access Objects

The pages have been added to Object Properties now with Object Level Permissions checked.

Back on Security Setup, click on Update All Free Permission Set so that the pages we specified will be removed from the "ES_TECH_ALLOBJFREE" permission set.

Next Publish Permissions

With permission sets similar to the below permission group, a user would have had access to all of the Sales documents prior to our change. Now, he should be able to access Sales Orders and Invoices but not be able to enter Credit Memos.

The steps outlined above will apply to any objects that are NOT limited by default. What about Reports and other objects that ARE limited by default? Remember that with the Pages we wanted to restrict above, we added those to Object Properties which ultimately led to them being excluded from the "ES_TECH_ALLOBJFREE" permission set. In the case of objects that we limit by default, we will add to Object Properties those that we wish to be included in the "ES_TECH_ALLOBJFREE" permission set.

For example, we may want all users to be able to execute the Sales Order Confirmation report.

In Object Properties, simply add a new line and select the Sales Order report

Remember to go back to Security Setup and Update the "ES_TECH_ALLOBJFREE" permission set

The Sales Order report has now been added to the "ES_TECH_ALLOBJFREE" permission set. After Publishing, all users with the "ES_TECH_ALLOBJFREE" permission set will have access to execute the Sales Order Confirmation.

Don't Like

Related resources

Download software from Mergetool.com