Read-only user role in Microsoft Dynamics NAV

image Microsoft Dynamics NAV comes packed with a set of predefined roles for many tasks such as editing or posting journals, creating sales orders, editing fixed assets, etc. It also comes packed with a SUPER role, which can do just about anything it wants.

There are two problems with the SUPER role. They are kind of pretty much entangled together.

The first one is—SUPER can do just about anything it wants (um, did I say that already?). The second one is—there are far more super users out in the wild than there should be. Is this your experience, too?

Working as a consultant, and having seen sorts of horror situations such as developers accidentally DELETEALL-ing the G/L Entry table or posting test invoices in production database, I often suggest to my customers to simply setup up a SUPER-READONLY user role, which still has access to everything, but just cannot make any changes. With this, you just eliminate any possible risk of someone accidentally doing mess in the system (which is exceptionally easy in NAV 4.0 and above, except for 2009 with RTC if you follow Mark’s ingeniously simple tip).

All you need to do is:

1. Go to Tools, Security, Roles

2. Create a new role, call it SUPER (READ-ONLY)

3. Click on permissions

4. Populate the form with values such as these:

Read-only role setup for NAV

And that’s it. So now you can assign this role to your consultants and your support personnel and give them a full unrestricted read-only access to the whole system, without having to worry if any action they did will lose your sleep at night.

Vjeko

Vjeko has been writing code for living since 1995, and he has shared his knowledge and experience in presentations, articles, blogs, and elsewhere since 2002. Hopelessly curious, passionate about technology, avid language learner no matter human or computer.

This Post Has 9 Comments

  1. Alastair Farrugia

    As you mentioned, in NAV 2009 R2, the RTC crashed as soon as it opened. The Event Viewer showed that this is because the RTC tries to modify records in the User Personalization table.

    I therefore added Insert and Modify permission on that table (ID 2000000073) and, even without the System permissions, I could then access the database from RTC in read-only mode.

  2. jazmine_669@hotmail.com

    How to make them able to print and view? They cant modify anything but they want to print posted documents..how you handle that?

  3. haryadi

    Hi vjeko,

    Very good article, but can you reupload the image of read-only role setup for NAV? or just relist the setup please.

    Thanks

    1. Vjeko

      Hi haryadi. The role is essentially a copy of the SUPER role, except that you remove all insert, modify and delete permissions on TableData 0.

  4. Vjeko

    Hi haryadi. The role is essentially a copy of the SUPER role, except that you remove all insert, modify and delete permissions on TableData 0.

  5. Andrew

    Sadly I am unable to edit the drop downs for the permissions for anything other than the “table data” row.

    1. Vjeko

      I guess any blog post written 5+ years ago on this blog may not be correct anymore, let alone 13 years and counting. This is a technical blog, solutions I write are related to versions actual for the time when it was written.

Leave a Reply