How to: Create or Modify Permission Sets
If the default permission sets that are provided with Microsoft Dynamics NAV are not sufficient or not appropriate for your organization, then you can create new permission sets. If the individual object permissions that define a permission set are not adequate, then you can modify a permission set.
Depending on the setting in the UI Elements Removal field in the Microsoft Dynamics NAV Server Administration tool, only UI elements on objects in the license or on objects that the user has permissions for will appear in the user interface. For more information, see Removing Elements from the User Interface According to Permissions. The majority of the permission sets that are provided with the CRONUS demonstration database cannot be combined with the FOUNDATION permission set to fully use the UI Elements Removal feature. You must first create or edit the relevant permission sets to avoid that the user is blocked from performing the involved tasks.
Creating or Modifying Permission Sets
To create or edit a permission set
In the Search box, enter Permission Sets, and then choose the related link.
In the Permission Sets window, choose New.
In the Permission Sets window, type a name for the new permission set in the Permission Set field and a brief description in the Name field.
The name of the new permission set is automatically formatted in all uppercase letters.
On the User Permission Sets FastTab, on the toolbar, choose Permissions.
In the Permissions window, type or select a value in the Object Type field on the first line in the list.
If you would prefer to select from list that shows all database objects, on the Home tab, in the New group, choose All Permissions.
In the Object ID field, enter the object that you want to define permissions for.
Fill in the five fields for the different permission types as described in the following table.
Specifies that the permission type is not granted for the object.
Specifies that the permission type is granted with direct access to the object.
Specifies that the permission type is granted with indirect access to the object.
Having indirect permission to a table means that you cannot open the table and read from it, but you can view the data in the table through another object, such as a page, that you have direct permission to access.
For more information, see the “Example – Indirect Permission” section in this topic.
In the Security Filter field, enter a filter that you want to apply to the permissions that you have assigned to the object. For more information, see Record-Level Security.
Repeat steps 2 through 8 to add permissions for additional objects to the permission set.
Example – Indirect Permission
You can assign an indirect permission to use an object only through another object.
For example, a user can have permission to run codeunit 80, Sales-Post. The Sales-Post codeunit performs many tasks, including modifying table 39, Purchase Line. When the user runs the Sales-Post codeunit, Microsoft Dynamics NAV checks whether the user has permission to modify the Purchase Line table.
If not, then the codeunit cannot complete its tasks, and the user receives an error message.
If so, the codeunit runs successfully.
However, the user does not need to have full access to the Purchase Line table to run the codeunit. If the user has indirect permission for the Purchase Line table, then the Sales-Post codeunit runs successfully.
When a user has indirect permission, that user can only modify the Purchase Line table by running the Sales-Post codeunit or another object that has permission to modify the Purchase Line table. The user can only modify the Purchase Line table when doing so from supported application areas. The user cannot run the feature inadvertently or maliciously by other methods.