Security Filter (Record Level Security)

Navision allows you to limit the user access to certain records based on the security filter setting. For example, the table may have 1000 records, but your user may only see 100 records in the table that meet the security filter. Users will see 100 records no matter how they access the table through forms or reports. Even when the user run the table from object designer, he/she will still see 100 records. The remaining 900 records that cannot be seen are totally invisible to the user. This is how powerful the security filter can be. It can only be used in SQL Option. Security filter will not work in native database.

Setting of security filter is fairly easy. Just set it at the Security Filter column in the Permission table. The screenshot below shows the security filter set to only users to see records with Global Dimension 1 Code = SALES.


Theoritically, security filter is very easy to use. You just set it in the Permission table and the Navision will apply the filter in the whole system. But in actual fact, once you set the security filter, the nightmare will begin. You will receveive a lot of complaints from users saying cannot access to this and that, and when you check the permission setting, you have granted them with the necessary permission. All the problems arises because:

1. Security filter does not work when you use code to open a form, report or dataport. You must use the command button or menu button properties to open form, report or dataport.
   
2. Security filter does not applies to Global and Local variables automatically. You need to use SETPERMISSIONFILTER function to apply security filter to record variables. SETPERMISSIONFILTER has to be set in all record variables in all objects that are affected by the security filter. For example, if you have set a permission filter in the customer table, you have to add this line of code to all record variable that access customer tables in all objects. Customer.SETPERMISSIONTABLE;This is a tedious job to do.
3. Your complex CAL function try to access all records in a table to perform calculation but your security filter limit access to certain records only. This may cause conflict that will throw an error message. For example, a form needs to access the last record in a table before it can insert a new record but the last record is not within your permitted range. To overcome this problem, you have to create a new role with indirect access to the table and assign this new role to your user.