Microsoft Dynamics NAV User Setup Table and the Myth of Security
When did adding a check box to the User Setup table become the defacto way of adding custom security to Dynamics NAV? It seems as though this has been the standard for as long as I have been in the industry (over 11 years) and it has just never made any sense to me. Let’s explore some of the reasons why it’s a bad idea to set up security this way and look at an alternative.
Dynamics NAV already has a method to control security. Roles and permissions are part of the standard product. They can control whether or not you can create customers, post purchase orders, and many of the other NAV operations. It also makes sure that no one can get in there and assign permissions to themselves and they can’t assign permissions to other people that they don’t have themselves. Most companies do not have correct permissions set up for the User Setup table, but even if they did, those users with access should not be able to grant themselves permissions that they don’t already have.
Using the User Setup table for security also creates confusion about how to give someone permission to perform an action, as there are multiple places to control those permissions. Unless you are skilled at reading code or the developer has created an above average error message you have a 50/50 chance of going to the right place.
I understand why this became the norm: it has thought to be a faster and more cost effective solution. But, that’s not true either, especially when you reuse code.
This simple function can do the exact same thing:
AccessControl is a Record variable pointing to the Access Control table.
HasPermission(RoleID : Code) : Boolean
AccessControl.SETRANGE(“User Security ID”, USERSECURITYID);
AccessControl.SETFILTER(“Company Name”, ‘%1|%2’, ‘’, COMPANYNAME);
AccessControl.SETRANGE(“Role ID”, RoleID);
And it can be used:
IF NOT HasPermission(‘SUPER‘) THEN
ERROR(‘You need the SUPER role to perform this action.‘);
You will probably want to put SUPER into some sort of variable and use a text constant to hold your error message. Also, note that this is different depending on the version of NAV that you are using. This is every bit as easy as adding a checkbox to the User Setup table and is a much better to way to add custom security to some of your processes.