Microsoft Business Solutions-Navision: SQL Server Option
Synchronizing Security in Navision 4.0 SP3
White Paper
2006
Table of Contents
Security Synchronization in Microsoft Business Solutions-Navision 4.0 SP3. 3
When to Synchronize the Security System... 4
Standard Security. 5
Synchronizing the Standard Security Model 6
Enhanced Security. 7
Synchronizing the Enhanced Security Model 7
Selecting the Security Model 9
After Changing the Security Model 10
Converting the Database. 10
Attaching xp_ndo to SQL Server. 12
Navision contains a comprehensive security system that enables you to manage the access that all of your users have to the objects and data in your Navision database. As this database is stored on SQL Server, the Navision security system and SQL Server’s own security system must work in harmony to ensure that only authorized users can gain access to the database. The Navision security system therefore contains a synchronization mechanism that ensures that the information contained in the Navision security system corresponds with the information contained in the SQL Server security system.
Navision 4.0 SP3 allows you to specify the level of security that you want to implement in each database. You can choose between two different security models:
• Standard Security
• Enhanced Security
The main difference between these two security models is the way in which they synchronize the Navision security system with SQL Server and the way that they integrate the Navision security system with Windows authentication.
The security system is not synchronized automatically when you:
• Change the security model.
• Restore a backup.
• Convert a database.
• Update the executable files.
• Update the application.
To change the security model used in the database, you must be:
• A member of the sysadmin server role on SQL Server or be a member of the db_owner database role for the database in question.
• Assigned the SUPER role in Navision.
Furthermore, if you want to change security models, you must ensure that both of the extended stored procedures that come with Navision have been added to the instance of SQL Server that you are using. These extended stored procedures are called:
• xp_ndo_enumusergroups
• xp_ndo_enumusersids
These extended stored procedures are part of the xp_ndo.dll that comes on the Navision product CD. For more information about installing the extended stored procedures, see the section Attaching xp_ndo to SQL Server or read the Readme.txt file that is stored with the dll on the product CD.
The main differences between the two security models are listed in the following table:
Feature |
Standard Security |
Enhanced Security |
Synchronization Performance |
Fast |
Slower If you have several companies and many users in the same database, the synchronization process will be slower with Enhanced Security. |
Windows groups displayed |
Local domain + forest of domains |
Local domain only |
Logins required in Navision |
Windows groups and individual Windows users |
Windows Groups + the members of each group and individual Windows users |
Granularity of Synchronization |
Entire security system |
Entire security system and individual logins. |
Automatic synchronization when you insert, modify or delete a Windows login or a database login in Navision. |
Yes |
No |
Required Extended Stored Procedure |
xp_ndo_enumusersids |
xp_ndo_enumusergroups |
The Navision security system must be synchronized with SQL Server every time you:
• Change the security model.
• Change the users, permissions or roles that have been created in Navision.
• Restore a backup.
• Convert a database.
· Modify an object in the database
Every time you modify an object in the database or modify the permissions that an object has to other database objects, you must correspondingly update all the roles and users who have permission to access this object and then you must synchronize these roles and users.
• Update the executable files.
• Update the application.
The Standard Security model only allows you to synchronize the entire security system when you update the permissions system in Navision.
When you are using Standard Security, you can enter a Windows group in the Windows Logins window and assign it a role in Navision. All the users who are members of this windows group are then automatically assigned this role in Navision.
To create a Windows login:
1. Click Tools, Security, Windows Logins to open the Windows Logins window.
2. In the ID field, click the AssistButton to open the Windows Users & Groups window.
3. In the Windows Users & Groups window, select the user or group that you want to create a login for in Navision.
Alternatively, you can just enter the Windows login of the user or group directly into the Windows Logins window if you know it.
With the Standard Security model, the Windows Users & Groups window lists all of the Windows groups and users that you can see in Active Directory as well as the local groups on your computer.
With the Standard Security model, every time you create, modify or delete a Windows login or a database login, the security system is automatically synchronized. However, if you add, alter or delete a role in the Navision security system, you must manually synchronize the security system.
The synchronization of the security system is performed faster with Standard Security than it is with Enhanced Security. Standard Security could be preferable if you have several companies
Уважаемый посетитель!
Чтобы распечатать файл, скачайте его (в формате Word).
Ссылка на скачивание - внизу страницы.