The permissions for analysis on the Web Client can be set over 2 levels.
2. PERMISSIONS for REPORT SELECTION
Multiple reports can be grouped into a report group. (e.g., reports 1 and 2 belong to report group A.) A report can only be assigned to one report group.
Each user can be assigned any number of roles. (e.g., user Bettina is a member of the Sales, Warehouse, and Purchasing roles.)
Each role can be assigned to any number of report groups. (For example, the Warehouse role is assigned to the Order Analysis and Purchase Order Analysis report group.)
The user can always execute all reports to which the system finds an assignment (release).
NOTE: If additional assignments and/or locks are necessary for the above concept, please read the chapter Advanced Permissions for Report Selection .
In the above formula, groups can be created and managed. Users (members) and analysis groups are assigned to these groups, and report rights are assigned.
By clicking on Member , individual users can be created or added to the group:
In order for users to be able to start the report, the access method Read or Update must be selected!
By clicking on Analysis Groups you can share the reports with the group:
Configuration: Analysis Groups
NOTE: The assignment to the parent report group is only for display in the menu and has no effect on the assignment of authorizations!
-
Create the desired report group. (see 2.3)
-
Under the Authorization Roles menu item, you can open the form for assigning roles. (see 2.2)
- Enter the desired roles in the form. For the user to be able to launch the report, the access method Read or Update must be selected! (see 2.2)
2.4 Assigning reports to report groups
Menu: Configuration/ Analysis Design / Enterprise Design /Analysis Scheme/ Button: Edit
The analysis group can be add in the report schema card:
Configuration: User Setup/Access Roles (Berechtigungsrollen)
-
Select a user or create a new user.
- You can use the Access Roles button to open the form for assigning roles.
-
Enter the Access roles in the form. For the user to be able to launch the report, the access method "Read" or "Update" must be selected.
-
The user must NOT be an administrator, otherwise he will be allowed to start all reports.
3. AUTHORIZATIONS for DATA SETTINGS
Any filters can be set for data sets per user and data set.
Any NAV filters can be set for each node in the following matrix.
*) In the current version, users without a filter have the right to read all data within the database. For "No access," the filter would have to be set to an invalid value (e.g., Branch XX). However, reports are usually already restricted by the permissions for report launch. (See the chapter " Permissions for Report Selection ") This behavior will be improved in a future version.
Configuration: User Setup/Security Filter
-
Select a user or create a new user.
-
Use the Security Filter button to open the security filter settings.
-
Enter the desired fields in the security filter form.
Field |
Description |
user name |
Currently selected user |
Data type |
All data: The specified security filter affects all data sets Financial data: The specified security filter only affects financial data. (Cost items) Reference value: The specified security filter applies to data of the specified reference size. The reference value must be specified. |
Reference value |
For the data type Reference Value, the desired reference value must be specified. |
Filter type |
The filter type defines the dimension to be filtered by. Grouping levels can also be used. |
Security filter |
Security filter according to Dynamics NAV filter rules. |
4. EXTENDED PERMISSIONS for REPORT SELECTION
In addition to the basic concept, it is also possible to share a single report directly with users.
(User Andrea was directly assigned report 3)
It's also possible to block individual users from a report, even though the user could launch the report based on their roles and report group assignments. (User Arthus was blocked from Report 2.)
It is also possible to assign a user directly to a report group. (User Bernhard was assigned directly to the Order Analysis report group.)
4.2 Assign users directly to a report or block them from a report
Configuration: User Setup/Reports
-
Select the user and click the Reports button.
-
Select the desired report.
-
In the Reports form, enter the desired access method:
The None access method allows you to specifically lock the report for a specific user.
With the access methods Read and Update you can assign the report to a specific user.
4.3 Assign users directly to a analysis group
Configuration: User Setup/Analysis Groups
-
Select the user.
- Use the Analysis Groups button to open the report group assignment form.
-
In the form, enter the desired report group with the respective access method. With the access methods Read and Update you can assign the report group specifically to a user.
With the None access method, you lock the report group for the user.
5. TESTING THE REPORT SELECTION
Administrators have the option to check or view the valid report selection of users.
Simply add the string ?USER=<full username> to the end of the URL . The report selection will only display reports shared with the specified user.
Or by accessing the Web Client via the user list:
