Yesterday I suggested to Microsoft an enhancement to the permission functionality. That was an informal suggestion so I logged into Microsoft Connect and added a formal suggestion.
In table 2000000005 Permission we can assign permission to objects. In the Classic Client we had the possibility to assign permissions to objects with the type System. This is not working in the NAV 2013 (R2) client.
This causes a problem, for example a user with SUPER (Data) permission can delete a company from the database.
I suggest that a new option be added to fields 6, 7, 8, 9, 10 in the above table.
Current option string is ” ,Yes,Indirect”
The new option string would be ” ,Yes,Indirect,Blocked”
If an access type is blocked in any permission entry the access will be blocked even if there is access in another permission set.
I would for example add a line to the Permission table for the SUPER (Data) permission set that will block Insert, Modify and Delete for table 2000000006 Company.
Please help me by voting for the suggestion.
Gunnar, I am in favor, but do you have a link to the connect entry?
b rg
Luc
Yes, it should be linked in the entry under “vote”.
https://connect.microsoft.com/dynamicssuggestions/feedback/details/825501/add-block-possibility-to-permission-table#tabs
Upped it also… And while they are at it they might just as well fix the Indirect rights.
https://connect.microsoft.com/dynamicssuggestions/feedback/details/816666/security-filter-not-applied-correctly-in-combination-with-indirect-rights
I click on vote 🙂