Up until now the process of setting up specific Permission Sets to control exactly what tables somebody can access in Microsoft Dynamics NAV has always been a drawn out exercise and a case of trial and error (literally) without the purchase of an Add-on software solution.
A neat tool that has been embedded as part of the Dynamics NAV 2016 release is a Permissions Recorder, which is accessed through the Permissions screen. Note that the Permissions tool is used for assignment of Table Data (controlling what you can do with data) permissions, rather than other system objects such as Pages and Reports. This is used in conjunction with Permission Set functionality.
Whilst not a fully comprehensive tool yet (it has limitations which shall be discussed below) it is certainly a big step forward to providing guidance on what permissions a user will require.
The general concept that we would adhere to when setting up permissions would be to create a Permission Set that is named according to a business process required to be carried out by a user. The Permission Set itself is the container to hold the group of individual permissions that can be granted in Dynamics NAV.
For the purpose of demonstration, a new Permission Set will be created for to hold permissions relevant for creation and release of a Sales Order, as shown below.
The Permissions Recorder is accessed within the Permissions screen for a chosen Permission Set. From the Permission Sets screen select Permissions, which is accessible from the Ribbon at the top of the screen. From within the Permissions screen you will see the Permissions Recorder option as highlighted below.
To record permissions into the Permission the following steps are required:
- Start the Record Permissions process
- Carry out user processes required in Dynamics NAV
- Stop the Record Permissions process
Start the Record Permissions Process
This step is completed simply by pressing the Start button as highlighted above. A message will be shown, as below, regarding cached data which could impact the results of the Permissions being recorded.
To ensure that all required object permissions are captured, you should therefore run the Permissions Recorder immediately after opening a database Company. Press ‘Yes’ to begin the recording process and simply minimise the Permissions screen. Note: do not close the Permissions as this will stop the recorder.
Carrying out user process
With the recorder running, you can process the actions associated to the process required to be run by the user, in the case of the Sales Order Creation and Release activities that you would expect the user to perform. Remember to complete as many variations of the process as you believe possible, such as changing Ship-to information on an Order or perhaps processing with and without Prepayments.
Stop the Record Permissions Process
Once you’re happy that you’ve covered the scenario in full, return to the Permissions screen and press the Stop button on the Permissions Recorder.
A message will be shown asking “Do you want to add the recorded permissions” prompting you to confirm that you want the recorded permission adding to the Permission. If you say no at this stage you will lose the recorded information as nothing will be saved to Dynamics NAV.
Reviewing Permission Information
Table Data permissions will now have been listed within the Permissions Window, as can be seen in the screenshot above. The Permission Set can then be assigned to the relevant User (or User Group) as required. Obviously testing will need to be done on the Permission Set before release into a Live environment but this is a great leap forward in the product.