Open Forum

Expand all | Collapse all

Nav 18: Permission Sets

  • 1.  Nav 18: Permission Sets

    Posted Jun 13, 2019 11:52 AM
    We are upgrading from Nav 09 to Nav 18 and one of the big clean up items is our permission sets.  In the past, a lot of users were given super user roles so the users might not have been set up correctly.  We had someone go through and try to assign permissions to each role-type but as we were testing we would run into errors and have trouble resolving them.

    We have a sheet that has the role ID, Role Name, Object Type, Object ID, Object Name, and permission level from Nav 09.  However, a lot of the errors we have run into says things like "TableData Social Listening Set Up: Read" or "Table Data Office Add-in Setup: Read" when these permission don't tie to anything on our list nor did we see them in the options for Nav 18.  What is the best way to identify the permission issue?

    ------------------------------
    David Yee
    Foothill Packing
    Salinas CA
    ------------------------------


  • 2.  RE: Nav 18: Permission Sets

    TOP CONTRIBUTOR
    Posted Jun 13, 2019 01:31 PM
    I'm afraid that there is no "easy" way to go about this.  There is a lot of trial and error testing.

    One thing you can do is create a custom permission set for all permissions that you don't care about.  As you run across errors, if it is OK for everyone to have access, like maybe the social listening table, you can add that permission in this custom ALL EMPLOYEES (or whatever you want to call it) permission set.

    It could help to sit with a member of each department and shadow what they do to help build permissions sets.  NAV 2018 has a permissions recorder that can help with that.  It is usually best to build permission sets for each system function and then bundle those functional permission sets to a job role.



    ------------------------------
    Lewis Rosenberg
    IT Manager
    Mars Fishcare
    Chalfont PA
    ------------------------------------------------------------------------
    BCUG/NAVUG All-Star
    BCUG/NAVUG Board of Advisors, Chairperson
    BCUG/NAVUG Programming Committee

    Twitter: @RosenbergL
    LinkedIn: https://www.linkedin.com/in/rosenbergl
    ------------------------------------------------------------------------

    NAVUG/BCUG Summit (navugsummit.com)
    Orlando, FL - October 15-18, 2019
    ------------------------------



  • 3.  RE: Nav 18: Permission Sets

    SILVER CONTRIBUTOR
    Posted Jun 14, 2019 08:17 AM
    Agree with Lewis on using the​ permission recorder tool.

    A lot of new objects were added and linked to objects you're using, so even if you don't use the new objects, if the objects you do use are linked to them, you'll need that permission.

    Give a user Super rights.  Have them start the recorder and do the tasks they normally do, stop the recording.  Give them that permission set and remove super rights and have them try again.  This process should catch the vast majority of permission erros.

    ------------------------------
    Brian Stenglein
    Clow Stamping Company
    Merrifield MN
    ------------------------------



  • 4.  RE: Nav 18: Permission Sets

    SILVER CONTRIBUTOR
    Posted Jun 14, 2019 09:21 AM
    ​Hey David,

    If you are planning on recording Permissions with the NAV Permission Recorder, make sure that you are on Cumulative Update 6 at the very least.  Prior Cumulative updates have an issue where they will get more permission than they should.

    ------------------------------
    Joe Draeger
    Ortho Molecular Products, Inc
    Woodstock IL
    ------------------------------



  • 5.  RE: Nav 18: Permission Sets

    Posted Jun 14, 2019 09:48 AM

    Seconding the suggestion of the permission recorder.  We upgraded from 2009 to 2018 last year, and I quickly realized that in many cases it was easier to record a new permission set, rather than attempt to add all of the new objects or functionality manually. Role Centers/Profiles for example. Just opening NAV can set off numerous permission errors due to the tiles/activities/reports in the Role Center. And I found it much easier to just record a permission set for that Profile. Otherwise, you will solve one error, test again, solve another error, over and over and over, going crazy in the process.  


    If you are early enough in the upgrade process, I strongly recommend mapping out a general plan ahead of time, then proceeding with recording new permission sets by task, and then grouping those into User Groups by role.  Similar to what Lewis suggested, we created a BASIC permission set that included the objects everyone should have access to. Then I recorded sets for specific tasks (Invoice Sales Order, Create Purchase Order, etc.), and combined those into User Groups as needed.

     

    Ideally, you will leave enough time to have your users to test their processes, for both functional issues AND permission issues at the same time.  It can be tough to focus on permissions, if you have other functional or setup issues to test and resolve. But for us the concern was…if we didnt update our permissions during the upgrade process, I wasn't sure if/when we would ever get back to it.



    ------------------------------
    Casey Cabler
    ERP & Analytics Manager
    The Music People Inc.
    Berlin CT
    ------------------------------



If you've found this thread useful, dive deeper into User Group community content by role