(For more resources on PHP & MySQL, see here.)
Securing the network is indispensible to any organization’s IT security. Firewalls and implementing user security policies go a long way in securing the network. A few highlights of network/hardware security that we will not cover in detail in this article are as follows:
- Implementing Dynamics NAV on a secure internal company network.
- Following Microsoft recommendations for software and hardware requirements including operating system considerations and hardware considerations.
- Defining user access policies and windows network access policies; these may be extendible to the Dynamics NAV security system as well.
These topics can be found in detail in Microsoft operating system documentation and other network-related documentation.
Security with SQL Server installation
The SQL security system is very robust and comprises the following two main components:
- Access to the server: This is the layer of security that involves granting access to the server using logins to authenticate the users and provide them secure connection to the server.
- Access to the database: This refers to the security defined by roles and permissions for appropriate database access to the users.
Dynamics NAV security models
There are two distinctive but not-so-different security models that build the security system for Dynamics NAV. They are mainly differentiated by how they synchronize the Dynamics NAV security system with the SQL Server security system and Windows security system. In the following table, we highlight the key differences between the two security models—Standard and Enhanced.
Switching between Enhanced and Standard security models
To change the security model from Enhanced to Standard or vice versa, we will have to alter the database, change the Security Model option (Advanced tab). We need to make sure that the database is made as “single user only” (by checking on the Single User check mark on the Alter Database window). It is also required to synchronize all logins after the Security Model is changed.
Synchronization is the process for the Dynamics NAV security system to match the SQL Server security system. This does not happen automatically and must be done manually after performing the following options:
- Applying a change to the objects in the database
- Changing the security model
- Making changes to the users, roles, and permissions in Dynamics NAV
- Restoring a backup
- Upgrading or converting the database and/or the client executables
Synchronizing one or multiple users
To synchronize one or multiple users go to the Windows Login option under Tools | Security . Highlight the login(s) that need to be synchronized. Go to Tools | Security | Synchronize Single Login or Synchronize All Logins.
Users, logins, and passwords
Dynamics NAV application provides two types of authentication methods to log in to the database as explained next.
Creating database logins
These logins use database server (SQL or Classic) authentication to provide access to the application. We can create Database Logins as follows:
- To create a database login in a Dynamics NAV Classic database server go to Database Logins from Tools | Security | Database Logins.
- Press F3 to create a new User ID and Name for the Database Logins.
- If we are using the SQL Server as the database for Dynamics NAV installation, we have to make sure that the database logins’ User ID that we are using here also exists as a user on the SQL Server.
- If we are using the Dynamics NAV Classic database server, we will have an additional column to specify the Password for the User ID.
The first user that we create should be the SUPER user (the user with super access to everything in the application). SUPER is one of the roles in Dynamics NAV that assigns all permissions (access to all forms, tables, reports, and other objects) to the user who has been assigned that role.
An Expiration Date can also be specified for the Database Logins in the last column on the right side of the Database Logins form. This Expiration Date, for example, can be used by subcontractors or short term employees who need access to Dynamics NAV application for only a given period of time.
Setting up user accounts
We can set up the users from the User Setup menu, in the Administration section, under Application Setup | Users.
Using the User Setup screen, there is an option to control some basic features of Dynamics NAV application.
We have the ability to restrict the date range of posts from Allow posting from and Allow posting to fields, these fields take precedence over the posting date range specified in the General Ledger Setup form.
Users entering the system can also be restricted to particular responsibility center(s) thus allowing them to view/do transactions in that responsibility center only. There is also an option to restrict a database login to a particular company, this will be discussed in the Roles section later in this article.
There is an option to register the time for the users logging on to the system. If we mark the Register Time column for a user, the system will log the User ID , Date of login, and Minutes spent on the application. This will be updated every time the user logs off from the Dynamics NAV application.
How is a USER ID used across application
The User ID is tagged to almost every transaction and ledger entry, and helps in providing an audit trail for transactions.
Specific reports can be printed on separate printers by different users. This can be set up in the Printer Selections menu in the Administration | IT Administration | General Setup | Printer Selections.
User ID(s) are also represented in the Change Log entries, if the Change Log option is enabled. For more information on Change Log option, refer to the Change Log section in this article.
The creation of database logins, appropriate permissions, and so on can be done by a SUPER user or by a user who has appropriate permissions to change security for Dynamics NAV.
Logging in using Windows Authentication
Microsoft Windows operating system provides a robust and secure computing platform. Dynamics NAV is designed to leverage the Windows security system. The administrators have the ability to set up Windows single sign-on feature with Dynamics NAV installation.
When a user opens Dynamics NAV, they have the option to select Windows Authentication. If that is selected, we don’t have to key in the username and Password while logging into the application, as shown in the following screenshot: