nav easy security - bcug/navug
TRANSCRIPT
![Page 1: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/1.jpg)
![Page 2: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/2.jpg)
Complete solution for NAV Security◦ RoleTailored and Classic Client
Field Level and Data Security◦ Security beyond NAV’s standard abilities
Logins and Permissions◦ Tools for standard NAV security
NAV Easy Security Light◦ Tools for small NAV customers to simplify security
maintenance
![Page 3: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/3.jpg)
Record permissions (TableData and objects)
Group permission sets and companies
Expiration date of access controls
Quick/Go-live security
100+ Segregation of Duties permission sets◦ Tasks based on recordings to add customizations
Restore points for rollback and history
Object level permissions
![Page 4: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/4.jpg)
Pages and forms◦ Edit, read only or hide
Fields◦ Edit, read only or hide
Actions and buttons◦ Normal, greyed-out or hide
Filter data per page or form to only show some records◦ User based filters or based on a calculation
![Page 5: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/5.jpg)
Tools to maintain standard security◦ Copy from other users
◦ Assign multiple permission sets in multiple companies
◦ Add related permissions to permission sets
Record TableData permissions
Snapshots can rollback users or permission sets
![Page 6: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/6.jpg)
Record permission set
Field Level Security
Data Security
![Page 7: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/7.jpg)
2.60 executable or later◦ Released within 30 days of Microsoft
All NAV application versions Only new objects (no merge required) Application translated to 8 languages ◦ Danish, Dutch, English, French, German, Italian,
Portuguese and Spanish
Complete English documentation and online help
![Page 8: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/8.jpg)
NAV Easy Security◦ Record permission sets, quick security, logins and
restore points ($ 2500)◦ Field level and data security ($2500)◦ Complete solution ($4500)◦ Fixed price installation and support ($1250)
NAV Easy Security Light◦ Free for base features◦ Unlimited TableData recording ($250)
No additional object cost for CfMD solutions
![Page 9: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/9.jpg)
"The time to set up a role manually could take up to 2 hours, but with NAV Easy Security, it takes 5 minutes, and 90-95% of the tasks were accurate after only one recording.“
Antoine GeffriaudWood Group GTS Power Plant Services
“The number one thing is the amount of detail you can get on Easy Security and the ease at which you can set roles up”
Dennis HarrisPlant Manager, Marine Harvest
![Page 10: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/10.jpg)
800+ customers in 60+ countries are using NAV Easy Security◦ Case studies on our web-site
Mergetool.com website◦ http://mergetool.com/easysecurity.html
Request demonstration version or other questions◦ [email protected] or contact your NAV partner
![Page 11: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/11.jpg)
![Page 12: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/12.jpg)
Per MogensenPresident
![Page 13: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/13.jpg)
Per Mogensen
![Page 14: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/14.jpg)
How does NAV Security work◦ User access control
◦ Roles/Permission Sets
Best practices for NAV Security◦ What does Microsoft deliver
NAV Easy Security Light
![Page 15: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/15.jpg)
Hide data like payroll, recipes or sales data
Protect data from accidental changes
Ensure data integrity by protecting setup
Segregation of duties
External requirements (SOX)
Auditors
![Page 16: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/16.jpg)
Combines Roles/Permission Sets with companies◦ Access to single company or all companies
Permissions always add
Users can have access directly assigned or as part of groups using Active Directory◦ Best suited for a single company setup
◦ High level access to NAV should be avoided
![Page 17: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/17.jpg)
Can be administered directly in Active Directory
Many Windows Groups required when more than a single company
Work fine for low level access, but is a security risk for SUPER or similar access
![Page 18: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/18.jpg)
A set of permission data, objects and system functions
Not related to companies only to permissions◦ Access control under Users combine Roles and
Company
Data security possible with Security Filters
No Field Level control
![Page 19: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/19.jpg)
Data (TableData)◦ Read, insert, modify and delete access◦ Direct or indirect
indirect access need proper permissions in code Indirect read enough to calculate FlowFields
Objects (Forms/Pages, Reports, Codeunits…)◦ Execute◦ Design different object types (only in NAV 2009 and older)
Read, insert, modify and delete
System ◦ Tools (Zoom, User administration…)
Execute◦ Design access (Importing fob, change report…)
Execute◦ NAV 2009 RTC and 2013 have limited functions that can be controlled.
This is improved in future builds/versions
![Page 20: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/20.jpg)
ALL/BASIC access to login and more
Functional roles (S&R Q/O/I/C/B/R)
System Roles (new role TOOLS, ZOOM)
High level access (SUPER, SUPER (DATA))
![Page 21: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/21.jpg)
“SUPER” can administer users
“SUPER” can design and change objects
“SUPER” can run tables from the designer
“SUPER (DATA)” still have full access to the application
Consider creating other “SUPER” roles◦ “SUPER (READ)” read-only access to the complete
application ◦ “SUPER (TOOLS)” allow access to all tools except
designers and security management
![Page 22: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/22.jpg)
Focus on a small task in NAV◦ Make assigning permissions and testing simple◦ Small chance of breaking all roles when upgrading or
adding new customizations
Do NOT make roles for each user◦ Hard to maintain◦ Very hard to know if everything is covered◦ Cannot remove permissions easily without a lot of
testing
Use NAV Easy Security Light to combine many small task based roles if needed
![Page 23: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/23.jpg)
Role Center give access to view and is improving usability
Permissions give access to perform tasks
BASIC role in NAV 2013 has too many permissions to view data◦ Access to Login/Logout (OK)
◦ Access to execute objects (OK)
◦ Access to read all data for ORDER PROCESSOR (wrong)
![Page 24: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/24.jpg)
NAV 2009◦ User connect directly to SQL database◦ User needs access to data in SQL database◦ Complex setup to allow impersonation◦ NAV and SQL database verify user credentials
NAV 2013◦ Service user connect to SQL Database◦ User need NO access to data in SQL database◦ No requirements to only use SQL database or windows login◦ NAV Service Tier verify user credentials◦ No Login/Logout required after security changes
NAV 2009 and 2013◦ Design access (Classic Client) require access to SQL database◦ DBO for many design and security functions (2009 only)
![Page 25: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/25.jpg)
Apply filters directly to the data in SQL database
Many side-effect create un-intended errors◦ Filter Items, Customer or Vendor and the user cannot
post orders or print invoices◦ Filter Ledger Entries and the user cannot post orders◦ Inventory valuation can be completely messed up
Very hard to configure since “blank” security filter override a defined security filter
NAV 2013 can manually be coded to handle this better
![Page 26: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/26.jpg)
Security is always checked by NAV client Enhanced mimic NAV security in SQL database, BUT is
only used when NAV connects Synchronize security is very slow with enhanced and
required for all security changes Synchronize not required with standard No benefits from enhanced (this is just the default
value) Are you also using the default object cache value? Enhanced has been removed by Microsoft in NAV
2013
![Page 27: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/27.jpg)
User can never exceed the license permissions
Indirect license permissions are used to secure important posting data◦ Removed when buying 7300 Solution developer as a
customer (be careful, security setup is most harder)
MenuItems is removed based on license or user permissions◦ Classic: always removed from MenuSuite
◦ RTC: optional based on setup, different by version
![Page 28: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/28.jpg)
Tools to maintain standard security◦ Copy from other users◦ Assign multiple roles in multiple companies◦ Add related permissions
Record TableData permissions Snapshots can rollback users or roles Free including all tools with limited recording◦ Partner must add module “14123010 NAV Easy Security
Light” to NAV license at no charge
$250 to unlock recording feature with registration key
Available in Navision 2.60 to NAV 2013 R2
![Page 29: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/29.jpg)
Assign multiple roles in multiple companies
Copy from another user
Roll-back permissions from snapshots
![Page 30: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/30.jpg)
Add related permissions
Combine multiple roles to a single role
Copy permission from one role to another
Export/Import roles like the FOB-worksheet
Roll-back roles using Snapshots
Record permissions with SQL profiler◦ Limited in the free version
![Page 31: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/31.jpg)
Training videos◦ http://mergetool.com/addin_e/faq/FAQ_ESLTRAINING_WEB.htm
![Page 32: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/32.jpg)
![Page 33: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/33.jpg)
![Page 34: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/34.jpg)
114 roles based on Segregation of Duties Verified with FastPath with no Sarbanes-Oxley conflicts Recorded and verified in NAV◦ NA 2009 R2 and 2013 (US, CA and MX)◦ DE 2009 R2 and 2013 (DE, AT and CH)
Finance, Sales, Purchase and Inventory◦ Banking (2) Budget (1) Customer (5) Finance (16) Item (8)
Purchase (17) Role Centers (22) Sales (17) Technical (15) Transfer Order (6) Vendor (5)
All 21 Role Centers recorded with read access only Technical Login only and many more Source Code Analyzer handle many customizations
![Page 35: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/35.jpg)
An ISV (Independent Software Vendor) developing products for NAV
Located in Atlanta, GA USA
More than 500 customers using or solutions
NAV training and classes
![Page 36: NAV Easy Security - BCUG/NAVUG](https://reader033.vdocuments.mx/reader033/viewer/2022042114/625790f6b71abd38a83c0a2b/html5/thumbnails/36.jpg)