Setting Security Permissions
NAV provides multiple levels of security that can be applied across your business systems, but do you and your managers understand it? Do you really know what your users can access, or change within the system? Would it worry you to find out the extent of a user’s access?
Most managers will know that they can choose whether or not to give users NAV ‘database level access’, where you either add them to your user list yourself or request the IT department (or your NAV partner) to add the appropriate details for you.
At this level, the user is able to open the database but can’t see or do anything. To determine what they can see, you need to add one or more permission sets to the user, which tell NAV what they can see when they open the software.
Choosing the Permissions Level
At this stage, you can determine which companies’ data the user can access. This is useful if you have multiple companies but want to have control over who can post into each one, or to hide historic companies rather than deleting them. This is known as the ‘company level security setup’.
Next, you can decide which tables people can view and what they can do with them. This might be allowing them to view customer information but not amend it, or they can create an invoice but not post it. Or, they can do everything apart from change the setups.
You may set them up as a ‘super user’, which means they can do everything Nav will allow them to. This is the ‘object level security setup’, where you can apply specific permissions regarding what the user can read, insert, modify and delete.
The final level, not used often, is the ‘record level filter’. This is where you apply a data filter on the tables to show what users can or can’t see. The most common use for this is on the G/L, to hide a set of G/L accounts and entries from the employees, such as payroll.
Restricting Permissions to Maintain Security
There is now a new way to restrict users in Dynamics NAV (formerly Navision), and this is via ‘profile configurations’ rather than ‘permission sets’. There is one big risk with this method, as you can mistakenly give users the ability to change the profile they use.
For example, you may assign them a basic menu suite assuming it’s safe, but they find the option to change their profile (very easy to find from the web portal), meaning they can access the same views and menus as you do.
How does this happen? The most popular permission setting that people use is ‘super’, which gives users access to everything that your license allows – set up users, remove users, change setups. It also gives them the ability to delete everything NAV allows within its own criteria and checks.
Conclusion
How security conscious should you be? While you want your staff to have access to everything they need to do their jobs properly, it’s important to maintain data security and to protect the integrity of your clients and to safeguard your professional reputation.
It’s worth spending some time looking at what permissions your users have and what that gives them access to, and to have a process in place when setting up new staff members.
If you have any questions or concerns about your own business security, the CBIZ team are more than happy to help.