Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Complete solution for NAV Security ◦ RoleTailored and Classic Client  Field Level and Data Security ◦ Security beyond NAV’s standard abilities  Logins.

Published byEzra Mills Modified over 8 years ago

Similar presentations

Presentation on theme: " Complete solution for NAV Security ◦ RoleTailored and Classic Client  Field Level and Data Security ◦ Security beyond NAV’s standard abilities  Logins."— Presentation transcript:

1

2  Complete solution for NAV Security ◦ RoleTailored and Classic Client  Field Level and Data Security ◦ Security beyond NAV’s standard abilities  Logins and Permissions ◦ Tools for standard NAV security  NAV Easy Security Light ◦ Tools for small NAV customers to simplify security maintenance

3  Record permissions (TableData and objects)  Group permission sets and companies  Expiration date of access controls  Quick security ◦ Setup security by only denying access to few objects  100+ Segregation of Duties permission sets ◦ Tasks based on recordings to add customizations  Restore points for rollback and history  Object level permissions

4  Pages and forms ◦ Edit, read only or hide  Fields ◦ Edit, read only or hide  Actions and buttons ◦ Normal, greyed-out or hide  Filter data per page or form to only show some records ◦ User based filters or based on a calculation

5  Tools to maintain standard security ◦ Copy from other users ◦ Assign multiple permission sets in multiple companies ◦ Add related permissions to permission sets  Record TableData permissions  Snapshots can rollback individual users or permission sets

6  Maintain logins  Record permission set  Easy Security demo data  Publish permissions  Field Level Security  Data Security

7  2.60 executable or later ◦ Code released within 30 days of Microsoft ◦ Tested SOD Permission Sets 3 month after release  All NAV application versions  Only new objects (no merge required)  Application translated to 8 languages ◦ Danish, Dutch, English, French, German, Italian, Portuguese and Spanish  Complete English documentation and online help

8  NAV Easy Security ◦ Logins and Permissions ($ 2500)  Record permission sets, segregation of duties, quick security, grouping, restore points and a lot more ◦ Field level and data security ($2500) ◦ Complete solution ($4500) ◦ Fixed price training and support ($1500)  NAV Easy Security Light ◦ Free for base features ◦ Unlimited TableData recording ($250)  No additional object cost for CfMD solutions

9  "The time to set up a role manually could take up to 2 hours, but with NAV Easy Security, it takes 5 minutes, and 90-95% of the tasks were accurate after only one recording.“ Antoine Geffriaud Wood Group GTS Power Plant Services  “The number one thing is the amount of detail you can get on Easy Security and the ease at which you can set roles up” Dennis Harris Plant Manager, Marine Harvest

10  1000+ customers in 60+ countries are using NAV Easy Security ◦ Case studies on our web-site  Mergetool.com website ◦ http://mergetool.com/easysecurity.html http://mergetool.com/easysecurity.html  Request demonstration version or other questions ◦ info@mergetool.com or contact your NAV partner info@mergetool.com

11

12 Per Mogensen President

13 Per Mogensen

14  How does NAV Security work ◦ User access control ◦ Roles/Permission Sets  Best practices for NAV Security ◦ What does Microsoft deliver  NAV Easy Security Light

15  Hide data like payroll, recipes or sales data  Protect data from accidental changes  Ensure data integrity by protecting setup  Segregation of duties  External requirements (SOX)  Auditors

16  Combines Roles/Permission Sets with companies ◦ Access to single company or all companies  Permissions always add  Users can have access directly assigned or as part of groups using Active Directory ◦ Best suited for a single company setup ◦ High level access to NAV should be avoided

17  Can be administered directly in Active Directory  Many Windows Groups required when more than a single company  Work fine for low level access, but is a security risk for SUPER or similar access

18  A set of permission data, objects and system functions  Not related to companies only to permissions ◦ Access control under Users combine Roles and Company  Data security possible with Security Filters  No Field Level control

19  Data (TableData) ◦ Read, insert, modify and delete access ◦ Direct or indirect  indirect access need proper permissions in code  Indirect read enough to calculate FlowFields  Objects (Forms/Pages, Reports, Codeunits…) ◦ Execute ◦ Design different object types (only in NAV 2009 and older)  Read, insert, modify and delete  System ◦ Tools (Zoom, User administration…)  Execute ◦ Design access (Importing fob, change report…)  Execute ◦ NAV 2009 RTC and 2013 have limited functions that can be controlled. This is improved in future builds/versions

20  ALL/BASIC access to login and more  Functional roles (S&R Q/O/I/C/B/R)  System Roles (new role TOOLS, ZOOM)  High level access (SUPER, SUPER (DATA))

21  “SUPER” can administer users  “SUPER” can design and change objects  “SUPER” can run tables from the designer  “SUPER (DATA)” still have full access to the application  Consider creating other “SUPER” roles ◦ “SUPER (READ)” read-only access to the complete application ◦ “SUPER (TOOLS)” allow access to all tools except designers and security management

22  Focus on a small task in NAV ◦ Make assigning permissions and testing simple ◦ Small chance of breaking all roles when upgrading or adding new customizations  Do NOT make roles for each user ◦ Hard to maintain ◦ Very hard to know if everything is covered ◦ Cannot remove permissions easily without a lot of testing  Use NAV Easy Security Light to combine many small task based roles if needed

23  Role Center give access to view and is improving usability  Permissions give access to perform tasks  BASIC role in NAV 2013 has too many permissions to view data ◦ Access to Login/Logout (OK) ◦ Access to execute objects (OK) ◦ Access to read all data for ORDER PROCESSOR (wrong)

24  NAV 2009 ◦ User connect directly to SQL database ◦ User needs access to data in SQL database ◦ Complex setup to allow impersonation ◦ NAV and SQL database verify user credentials  NAV 2013 ◦ Service user connect to SQL Database ◦ User need NO access to data in SQL database ◦ No requirements to only use SQL database or windows login ◦ NAV Service Tier verify user credentials ◦ No Login/Logout required after security changes  NAV 2009 and 2013 ◦ Design access (Classic Client) require access to SQL database ◦ DBO for many design and security functions (2009 only)

25  Apply filters directly to the data in SQL database  Many side-effect create un-intended errors ◦ Filter Items, Customer or Vendor and the user cannot post orders or print invoices ◦ Filter Ledger Entries and the user cannot post orders ◦ Inventory valuation can be completely messed up  Very hard to configure since “blank” security filter override a defined security filter  NAV 2013 can manually be coded to handle this better

26  Security is always checked by NAV client  Enhanced mimic NAV security in SQL database, BUT is only used when NAV connects  Synchronize security is very slow with enhanced and required for all security changes  Synchronize not required with standard  No benefits from enhanced (this is just the default value)  Are you also using the default object cache value?  Enhanced has been removed by Microsoft in NAV 2013

27  User can never exceed the license permissions  Indirect license permissions are used to secure important posting data ◦ Removed when buying 7300 Solution developer as a customer (be careful, security setup is most harder)  MenuItems is removed based on license or user permissions ◦ Classic: always removed from MenuSuite ◦ RTC: optional based on setup, different by version

28  Tools to maintain standard security ◦ Copy from other users ◦ Assign multiple roles in multiple companies ◦ Add related permissions  Record TableData permissions  Snapshots can rollback users or roles  Free including all tools with limited recording ◦ Partner must add module “14123010 NAV Easy Security Light” to NAV license at no charge  $250 to unlock recording feature with registration key  Available in Navision 2.60 to NAV 2013 R2

29  Assign multiple roles in multiple companies  Copy from another user  Roll-back permissions from snapshots

30  Add related permissions  Combine multiple roles to a single role  Copy permission from one role to another  Export/Import roles like the FOB-worksheet  Roll-back roles using Snapshots  Record permissions with SQL profiler ◦ Limited in the free version

31  Training videos ◦ http://mergetool.com/addin_e/faq/FAQ_ESLTRAINING_WEB.htm http://mergetool.com/addin_e/faq/FAQ_ESLTRAINING_WEB.htm

32

33

34  114 roles based on Segregation of Duties  Verified with FastPath with no Sarbanes-Oxley conflicts  Recorded and verified in NAV ◦ NA 2009 R2 and 2013 (US, CA and MX) ◦ DE 2009 R2 and 2013 (DE, AT and CH)  Finance, Sales, Purchase and Inventory ◦ Banking (2) Budget (1) Customer (5) Finance (16) Item (8) Purchase (17) Role Centers (22) Sales (17) Technical (15) Transfer Order (6) Vendor (5)  All 21 Role Centers recorded with read access only  Technical Login only and many more  Source Code Analyzer handle many customizations

35  An ISV (Independent Software Vendor) developing products for NAV  Located in Atlanta, GA USA  More than 500 customers using or solutions  NAV training and classes

36

37

38  Based on input from our partners and over 100 customer trainings  Simple wizard to update data in existing installations  Following Microsoft’s terminology in NAV 2013 and later  Revised translations (Danish, German, Spanish and Dutch)

39  Quick Security  Publish single Login  Export/Import of Login Access Controls  Permissions from  Simple access to Change Log entries  Server information FactBox  Adding multiple Access Controls Wizard  And many more

40  Intermediate step between “SUPER (DATA)” and “Segregation of Duties”  Implement and deploy in a few hours in production  Control with “Full Access”, “Read-Only” and “No Access” ◦ Standard NAV tables already categorized ◦ TableData and Objects  First step when building precise security

41  Recorded Permission Sets tested for Segregation of Duties (already exists in earlier versions) ◦ Recorded in NAV 2009 R2, 2013, 2013 R2 and 2015 ◦ Worldwide, German and North American databases  New recordings released when future NAV versions are released ◦ Simplify the upgrade by having the new NAV permissions required in our recording  Danish database soon to be supported too

42  User Filters ◦ Remove need to customize dynamic filtering ◦ Link User ID to Salesperson Code and 30 other major NAV tables  Adding multiple Fields and Actions

43  Available on our web-site  Updated documentation  Updating existing customers ◦ Import the new objects ◦ Run the “Update Data” process

44

45  Import and compile new Easy Security Objects ◦ Do NOT import ESACC objects  Open the Security Setup and Update Data  Open the Field Level and Data Security Setup and Update Data  Optional: Import new Recordings to existing Segregation of Duties Permissions Sets  Import Quick Security Permission Groups

46  Finish Initial Install in Production Database ◦ Logins and Permissions ◦ Field Level and Data Security  Use the same Source Tables and in the Test Database  Export from Test Database ◦ “Permission Sets”, “Permission Groups”, “Login Access Controls”, “Object Properties”, “Field Level Security Codes” and “Data Security Codes”  Create “Logins” and “Company Groups” in Production Database to match the Test Database  Import in the same order as exported above to Production ◦ The Import and Overwrite can be used if needed  Publish Permission in the Production Database

47  Import Objects  Create Easy Security company  Initial Source Code Analysis  Add Source Tables  Implement Changes in Code  Setup Copy Data in other Companies

48  Import objects  Initial Source Code export  Create Easy Security company  Run Complete Install  Import additional NAV Easy Security data  First publish  Recording only setup in other companies

49  Adding Tables to the Source Table Setup  Adding a Page with an existing Table  Working with multiple databases (Dev, UAT, Prod)  Reversing changes to objects

50  Typically 3 databases, Development (DEV), User Acceptance Test (UAT) and Production (PROD)  Development database ◦ NAV Easy Security objects imported ◦ No changes to base code implemented ◦ Allow simple implementation of cumulative updates and upgrades  User Acceptance Test (UAT) ◦ New objects from DEV replace objects ◦ Run “Implement Changes in Code” for all objects  Production (PROD) ◦ Objects are moved from UAT compiled with code implemented ◦ Filter on Date and Time in UAT for all modified objects

51  Data Security for each Page  User Filters  Create new Data Security Code  Data Security for Reports  Data Security in Jet Reports

52  Control access by “Edit”, “View” or “Hide”  Object Level Security  Field Level Security  Action Security  Create New Field Level Security Code

53  Updating the Source Code Analysis  Permissions added automatically  Using Relations and Variables

54  Calculating Summary Permissions  Permission From  Segregation of Duties

55  Based on recordings ◦ NAV 2009 R2, 2013 2013 R2 and 2015 ◦ Worldwide, German, North American and Danish  Certified for Segregation of Duties by FastPath  Made for the future (upgradeable)  Object Level Security  Future NAV versions maintained by Mergetool.com

56  Setup simply by category, easy for ISV/Customizations  Quick Security Permission Groups  Go-Live  Security based on a few tables  Good Security between SUPER (DATA) and Segregation of Duties level access

57  Publish All  Publish single Login or Permission Set  Compare Restore Points  Reverse changes

58  Builder Permissions  Related Permissions  Override permissions

59  Recording Permissions  Correcting a Permission Set with a recording  Multiple Recordings in a Permission Set  Reducing recorded Permissions  Using a Minimum access Role Center and restarting Service Tier

60  Grouping Permission Sets  Grouping Companies  Expiry Date  Summary Permissions  Adding a new User  Assigning permission to multiple users

Download ppt " Complete solution for NAV Security ◦ RoleTailored and Classic Client  Field Level and Data Security ◦ Security beyond NAV’s standard abilities  Logins."

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
Topic: Sales Tax and 1099 Reporting

Topic: Sales Tax and 1099 Reporting
Purpose: These deck is for use with customers by the Microsoft Dynamics NAV sales force and partners. It includes core messages that: –Highlights the new.

Purpose: These deck is for use with customers by the Microsoft Dynamics NAV sales force and partners. It includes core messages that: –Highlights the new.
Ultimate Bundle Overview Products Benefits Technical Requirements Licensing Pricing Valid until 01-Sep-2010.

Ultimate Bundle Overview Products Benefits Technical Requirements Licensing Pricing Valid until 01-Sep-2010.
MIDAS is a complete web based scheduling solution for managing your facility’s bookings and resources. MIDAS is a complete web based scheduling solution.

MIDAS is a complete web based scheduling solution for managing your facility’s bookings and resources. MIDAS is a complete web based scheduling solution.
GP2013 (R2) New features in GP2013 (R2). New Ribbon for windows Edit List is the Print button on the right without the paper background Action pane can.

GP2013 (R2) New features in GP2013 (R2). New Ribbon for windows Edit List is the Print button on the right without the paper background Action pane can.
Module 4: System Maintenance Intuit Financial Services University Internet Banking Certification Training.

Module 4: System Maintenance Intuit Financial Services University Internet Banking Certification Training.
Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.

Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.
CONDO MANAGER The Leader in Association Accounting and Management Software Mailing Address: P.O. Box 26844 Charlotte, North Carolina 28221 Web Site www.condomanager.com.

CONDO MANAGER The Leader in Association Accounting and Management Software Mailing Address: P.O. Box Charlotte, North Carolina Web Site
Software Delivery. Software Delivery Management  Managing Requirements and Changes  Managing Resources  Managing Configuration  Managing Defects 

Software Delivery. Software Delivery Management  Managing Requirements and Changes  Managing Resources  Managing Configuration  Managing Defects 
Microsoft Dynamics NAV 2009

Microsoft Dynamics NAV 2009
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Microsoft Dynamics AX Technical Conference 2013

Microsoft Dynamics AX Technical Conference 2013
Complete Weekly Timesheets Select work. Add hours and comments Tell Mgr if ETC=0 and need more time. Tell Mgr if using someone else’s ETC. End week, change.

Complete Weekly Timesheets Select work. Add hours and comments Tell Mgr if ETC=0 and need more time. Tell Mgr if using someone else’s ETC. End week, change.
CRM 3.0 What’s New in Microsoft CRM 3.0 – Technical.

CRM 3.0 What’s New in Microsoft CRM 3.0 – Technical.
IdentiTrip 2006 Our Skills Making your Job Easier.

IdentiTrip 2006 Our Skills Making your Job Easier.
SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.

SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.
GAIN A COMPETITIVE ADVANTAGE BY SELLING ATLAS

GAIN A COMPETITIVE ADVANTAGE BY SELLING ATLAS
9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.

9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.
Crystal And Elliott Edward M. Kwang President. Crystal Version Standard - $145 Professional - $350 Developer - $450.

Crystal And Elliott Edward M. Kwang President. Crystal Version Standard - $145 Professional - $350 Developer - $450.

Similar presentations

Ads by Google