Sometimes clients ask me can we have permission sets for group of users in NAV so when we add new user to our for example finance department and we grant him/her access to NAV he/she automatically get appropriate permission set.
Till now we first must add user to NAV, then grant all permission sets for that user and sometimes it was hard job if we don’t know what is user role in organization, and what that user should access in NAV.
Now in NAV 2016 we have User Groups for which we can specify permission sets and users who belongs to specific User Group. Also we have improvements in Permission Sets and Permissions which will be covered after User Groups in this blog post.
Idea behind User Groups is to create user group for specific group of users in Navision, add permission sets with their permissions to that user group and in last step add user to user group.
With user groups we got simplified overview of which permission in NAV user has, and we don’t need to manage every time all permission sets for new users.
To access and to create user group you need to go to Departments –> IT Administration –> General –> User Groups
On the Process group in Home tab on Navigation pane we can see that we have ability to see User Group Members which can be assigned based on company. For example we have new employee in our company who can only see master data on production company, but for some testing purpose on test company we will grant them access to post documents. In that case we will assign him/her into User Group which will have read only permission sets and on User Card we will specify that User group is valid for production company. In next step we will assign new employee to (for example Sales) user group and we will say that this user group for that user is valid on test company. With Sales User Group user will be able to read, edit, modify, delete master data, post documents but on test company.
How it looks like in NAV 2016 you can see on next few pictures. For this short blog post I previously created RO Sales user group and Sales All user group. To apply user groups to user I must go to user card in IT Administration department (Departments –> IT Administration –> General –> Users) and click on edit. User Card window will open.
In NAV 2016 we have new fast tab on user card named User Groups. On picture below we can see that user Sales2 has RO Sales user group which grant read only permission set to Cronus International and it is member of Sales ALL user group which will grant permission for Sales and Receivables.
Another BIG new features in user administration is related to Permission Sets and its permissions.
After you created new permission sets you need to grant permission on tables, table data, codeunits and other objects in NAV and that’s not BIG news, but when you click on Permission then you will find a lot of new features.
First what you can notice is that in your new permission set you can include tables from existing permission sets by clicking on Include/Exclude Permission Set.
All you need is to choose which permission sets you want to include to your permission set and list with objects will be in your permission sets.
Then if this is not enough you click on Actions on Ribbon and there you find a whole new set of options, actions and etc.
Let’s start with first (most left) which is almost the same like first six. ‘Allow Read, Allow Insertion, Allow Modification, Allow Deletion, Allow Execution, Allow All’ are new features which replaces clicking on objects on which you want to add specific permission. You just simply need to select tables from list of tables and click Allow Read and all tables will get Read permission.
Also you can grant Indirect permission or delete permission from table.
Next big thing is Add Read Permission to Related Tables. This functions helps you to automatically populate related tables with Read Permission = Yes. So if I select table 18 (Customer) and grant Read and Modify permission and then click on Add Read Permission to Related Tables NAV will automatically populate my permission set with all related tables to table 18 and grant read permission to them.
Last but not least and one of my favorite feature is Record Permission. With this feature you can start record what you are clicking, which records in which tables you insert, modify, delete and based on your activity in NAV, NAV will automatically generate permissions in your permission set. If I turn on recording and then click on Purchase order and click Post, NAV will detect on which table (data) I read, modify, insert, delete data and will create permissions based on my activity.
Let’s say that user administration was never too easy like it will be from NAV 2016.
That’s all for today. In my future blog post about user administration I will cover more detailed every new feature, and how we can manage users in NAV.