kriki: NAV Security using Windows Groups

[Blog bot]

Some time ago, one of my colleagues had a problem with security in NAV. She created security for some users so they should only be able to see some companies, but not others.

After setting it up and letting the users log off and on again, they still saw all the companies. Why was that?

When I took a look at the Windows logins , I found a Windows Login that looked more like a Windows Group (it was named something like domainnavusers) than a normal windows user login. Checking the roles attached to that login, I found that it was SUPER user in all companies.

Probably the user was also part of that Windows group. How can you check that (apart from asking the domain admin)?

There is table 2000000056:”User SID”. You need to create a form/page/report on that table and run it using the users session. It shows all the windows logins and windows groups of the current(!) user.

And in the list was the group domainnavusers. So the current user was SUPER in ALL companies.

Removing the SUPER from that user and after letting the user logoff and on, the user saw only the companies he should see.

Another thing about security I want to add is this: the security each user has is the union of all security-settings of all the groups the user belongs to.



Читать дальше