How to: Create or Edit a Permission Set

If the default permission sets that are provided with Microsoft Dynamics NAV are not sufficient or not appropriate for your organization, then you can create new permission sets.

If the individual object permissions that define a permission set are not adequate, then you can edit a permission set.

Creating or Editing a Permission Set

To create a new permission set

  1. In the Search box on your Home page in the Microsoft Dynamics NAV Windows client, type Permission Sets and then click Permission Sets in the Results list.

    The Permission Sets page opens.

  2. On the Permission Sets page, click New.

    The New – Permission Sets page opens.

  3. Type a name for the new permission set in the Permission Set field, and a brief description for the new permission set in the Name field.

    The name of the new permission set is automatically formatted in all uppercase letters.

  4. Click Permissions to open the Edit - Permissions page.

  5. Type or select an Object Type on the first line in the list.

    Note

    If you would prefer to select from list that shows all database objects, instead of typing or selecting objects, click All Permissions.

  6. Type or select an Object ID.

  7. Click in the Object Name field to display the default name for the object.

  8. Type or select the word Yes for all permissions that you are including in this permission set.

    You can also assign a value of Indirect. For more information, see the "Indirect Permission" section, below.

  9. Create any security filters that you want to apply to the permissions that you have assigned to the permission set.

    For information on security filters, see Record-Level Security.

  10. To include permissions for additional objects, position the cursor on a new line in the list and repeat steps 5 through 9.

  11. When the permission set is complete, click OK to exit the Edit – Permissions page.

To edit a permission set

  1. In the Search box on your Home page in the RoleTailored client, type Permission Sets and then click Permission Sets in the Results list.

    The Permission Sets page opens.

  2. On the Permission Sets page, click Actions, then click Edit List.

    The Edit – Permission Sets page opens.

  3. Select a permission and click Permissions to open the Edit - Permissions page for the selected permission set.

    Each row in the list defines the permissions for one of the objects included in the permission set definition.

  4. Select an existing object to modify its permissions, or scroll to the end of the list and position the cursor on a new line to add an additional object to the permission set definition.

  5. If you are adding an object to the permission set definition, type or select an Object ID.

    Note

    If you would prefer to select from list that shows all database objects, instead of typing or selecting objects, click All Permissions.

  6. If you are adding an object to the permission set definition, click in the Object Name field to display the default name for the object.

  7. Type or select the word Yes for all permissions that you are including in this permission set.

    You can also assign a value of Indirect. For more information, see the "Indirect Permission" section, below.

  8. Create any security filters that you want to apply to the permissions that you have assigned to the permission set.

    For information on security filters, see Record-Level Security.

  9. Continue modifying objects, or adding new objects to the list until the definition is complete.

  10. Click OK to exit the Edit – Permissions page.

Indirect Permission

The values for table permission are Yes, Indirect, or blank, which indicates no permission. You can use indirect permission to use an object only through another object.

For example, a user can have permission to run codeunit 80, Sales-Post. The Sales-Post codeunit performs many tasks, including modifying table 39, Purchase Line. When the user runs the Sales-Post codeunit, Microsoft Dynamics NAV checks whether the user has permission to modify the Purchase Line table.

  • If not, then the codeunit cannot complete its tasks, and the user receives an error message.

  • If so, the codeunit runs successfully.

However, the user does not need to have full access to the Purchase Line table to run the codeunit. If the user has indirect permission for the Purchase Line table, then the Sales-Post codeunit runs successfully.

When a user has indirect permission, that user can only modify the Purchase Line table by running the Sales-Post codeunit or another object that has permission to modify the Purchase Line table. The user can only modify the Purchase Line table when doing so from supported application areas. The user cannot run the feature inadvertently or maliciously by other methods.

See Also

Tasks

How to: Work with the BASIC Permission Set

Concepts

Special Permission Sets
About Permissions
Object-Level Security