Microsoft Dynamics NAV comes packed with a set of predefined roles for many tasks such as editing or posting journals, creating sales orders, editing fixed assets, etc. It also comes packed with a SUPER role, which can do just about anything it wants.
There are two problems with the SUPER role. They are kind of pretty much entangled together.
The first one is—SUPER can do just about anything it wants (um, did I say that already?). The second one is—there are far more super users out in the wild than there should be. Is this your experience, too?
Working as a consultant, and having seen sorts of horror situations such as developers accidentally DELETEALL-ing the G/L Entry table or posting test invoices in production database, I often suggest to my customers to simply setup up a SUPER-READONLY user role, which still has access to everything, but just cannot make any changes. With this, you just eliminate any possible risk of someone accidentally doing mess in the system (which is exceptionally easy in NAV 4.0 and above, except for 2009 with RTC if you follow Mark’s ingeniously simple tip).
All you need to do is:
1. Go to Tools, Security, Roles
2. Create a new role, call it SUPER (READ-ONLY)
3. Click on permissions
4. Populate the form with values such as these:
And that’s it. So now you can assign this role to your consultants and your support personnel and give them a full unrestricted read-only access to the whole system, without having to worry if any action they did will lose your sleep at night.
Pingback: Read-only user role in Microsoft Dynamics NAV - Navigate Into Success
Pingback: Read-only user role in Microsoft Dynamics NAV | Pardaan.com
As you mentioned, in NAV 2009 R2, the RTC crashed as soon as it opened. The Event Viewer showed that this is because the RTC tries to modify records in the User Personalization table.
I therefore added Insert and Modify permission on that table (ID 2000000073) and, even without the System permissions, I could then access the database from RTC in read-only mode.
How to make them able to print and view? They cant modify anything but they want to print posted documents..how you handle that?
Hi vjeko,
Very good article, but can you reupload the image of read-only role setup for NAV? or just relist the setup please.
Thanks
Hi haryadi. The role is essentially a copy of the SUPER role, except that you remove all insert, modify and delete permissions on TableData 0.
Hi haryadi. The role is essentially a copy of the SUPER role, except that you remove all insert, modify and delete permissions on TableData 0.
Sadly I am unable to edit the drop downs for the permissions for anything other than the “table data” row.
I guess any blog post written 5+ years ago on this blog may not be correct anymore, let alone 13 years and counting. This is a technical blog, solutions I write are related to versions actual for the time when it was written.