Skip to content

User Setup Table, Security, and Dynamics NAV

The Myth of Security in Microsoft Dynamics NAV - User Setup Table

When did adding a check box to the User Setup table become the defacto way of adding custom security to Dynamics NAV? It seems as though this has been the standard for as long as I have been in the industry (over 11 years) and it has just never made any sense to me. Let’s explore some of the reasons why it’s a bad idea to set up security this way and look at an alternative.

Dynamics NAV already has a method to control security. Roles and permissions are part of the standard product. They can control whether or not you can create customers, post purchase orders, and many of the other NAV operations. It also makes sure that no one can get in there and assign permissions to themselves and they can’t assign permissions to other people that they don’t have themselves. Most companies do not have correct permissions set up for the User Setup table, but even if they did, those users with access should not be able to grant themselves permissions that they don’t already have.

Using the User Setup table for security also creates confusion about how to give someone permission to perform an action, as there are multiple places to control those permissions. Unless you are skilled at reading code or the developer has created an above average error message you have a 50/50 chance of going to the right place.

I understand why this became the norm: it has thought to be a faster and more cost effective solution. But, that’s not true either, especially when you reuse code.

This simple function can do the exact same thing:

AccessControl is a Record variable pointing to the Access Control table.

HasPermission(RoleID : Code[20]) : Boolean
AccessControl.SETRANGE("User Security ID", USERSECURITYID);
AccessControl.SETFILTER("Company Name", ‘%1|%2’, ‘’, COMPANYNAME);
AccessControl.SETRANGE("Role ID", RoleID);
EXIT(NOT AccessControl.ISEMPTY);

And it can be used:

IF NOT HasPermission('SUPER') THEN
  ERROR('You need the SUPER role to perform this action.');

You will probably want to put SUPER into some sort of variable and use a text constant to hold your error message. Also, note that this is different depending on the version of NAV that you are using. This is every bit as easy as adding a checkbox to the User Setup table and is a much better to way to add custom security to some of your processes.

For more helpful hints on getting the most out of Dynamics NAV, please visit our website. Be sure to subscribe to our blog and newsletters, so as never to miss update. 

Read ArcherPoint's Blog Follow us on Twitter Follow us on Facebook Follow us on LinkedIn Link to our RSS feed Join us on Google+ Watch us on YouTube
Get Help Now