The Dynamics NAV application provides two types of authentication methods to log in to the database, as explained next.
Creating database logins
These logins use database server (SQL or Classic) authentication to provide access to the application. We can create Database Logins as follows:
1. To create a database login in a Dynamics NAV Classic database server, go to Database Logins from Tools | Security | Database Logins.
2. Press F3 to create a new User ID and Name for the Database Logins.
3. If we are using the SQL Server as the database for Dynamics NAV installation, we have to make sure that the database logins' User ID that we are using here also exists as a user on the SQL Server.
4. If we are using the Dynamics NAV Classic database server, we will have an additional column to specify the Password for the User ID.
The first user that we create should be the SUPER user (the user with super access to everything in the application). SUPER
is one of the roles in Dynamics NAV that assigns all permissions
(access to all forms, tables, reports, and other objects) to the user
who has been assigned that role.
An Expiration Date can also be specified for the Database Logins in the last column on the right side of the Database Logins form. This Expiration Date,
can be used, for example, by subcontractors or short term employees who
need access to the Dynamics NAV application for only a given period of
time.
Setting up user accounts
We can set up the users from the User Setup menu, in the Administration section, under Application Setup | Users.
Using the User Setup screen, there is an option to control some basic features of the Dynamics NAV application.
We have the ability to restrict the date range of posts from the Allow posting from and Allow posting to fields; these fields take precedence over the posting date range specified in the General Ledger Setup form.
Users entering the
system can also be restricted to particular responsibility center(s),
thus allowing them to view/do transactions in that responsibility center
only. There is also an option to restrict a database login to a
particular company.
There is an option to register the time for the users logging on to the system. If we mark the Register Time column for a user, the system will log the User ID, Date of login, and Minutes spent on the application. This will be updated every time the user logs off from the Dynamics NAV application.
How is a USER ID used across the application
The User ID is tagged to almost every transaction and ledger entry, and helps in providing an audit trail for transactions.
Specific reports can be printed on separate printers by different users. This can be set up in the Printer Selections menu in the Administration | IT Administration | General Setup | Printer Selections.
User ID(s) are also represented in the Change Log entries, if the Change Log option is enabled. For more information on the Change Log option.
The creation of database
logins, appropriate permissions, and so on can be done by a SUPER user
or by a user who has appropriate permissions to change security for
Dynamics NAV.
Logging in using Windows Authentication
Microsoft Windows
operating system provides a robust and secure computing platform.
Dynamics NAV is designed to leverage the Windows security system. The
administrators have the ability to set up the Windows single sign-on
feature with a Dynamics NAV installation.
When a user opens Dynamics NAV, they have the option to select Windows Authentication. If that is selected, we don't have to key in the username and Password while logging into the application, as shown in the following screenshot:
SQL extended stored procedures
To use the Windows
Authentication with SQL Server option for Dynamics NAV, we need to add
two extended stored procedures as follows:
xp_ndo_enumusersids.
xp_ndo_enumusergroups.
These two stored procedures come with the xp_ndo.dll
file that comes along with the Dynamics NAV installation. The program
will automatically add these extended stored procedures the first time
Dynamics NAV connects to the server.
If we have already
connected to the server, we will have to add these extended stored
procedures manually. To add these stored procedures manually, follow the
next steps:
1. From the Product CD folder ..\SQL_ESP, find xp_ndo.exe.
2. Run the file and enter the path to the BINN folder of the SQL Server installation. Make sure that the xp_ndo.dll is copied to this path.
3.
Use Microsoft SQL Server Management Studio(2005) or Enterprise Manager
(SQL 2000) to add extended stored procedures with the following names:
xp_ndo_enumusersids
xp_ndo_enumusergroups
4. Assign execute permissions for both the extended stored procedures to the public role in the SQL Server database.
Let's do a walkthrough of how to create Windows login(s) in the Dynamics NAV application, as follows:
1. While logged in to the database (as a SUPER user or user with permissions to create new users), go to Tools | Security | Windows Logins.
2. Press F3 to create a new Windows login.
3. We can press F6 or the Assist Edit button on the ID field to look up and select from among all the Windows Users and Groups available in the cluster of domains.
4.
If we are using SQL Server as a database, after we have assigned the
appropriate roles we will have to synchronize this new login
with the SQL Server. To synchronize the Windows login to the SQL Server,
go to Tools | Security |Synchronize Single Login or Synchronize All Logins.
The synchronization will create the Windows login(s) in the SQL Server.
More about synchronization is discussed earlier under the Dynamics NAV security models section.
Why use Windows Logins?
Microsoft Dynamics security inherits all the extended security features of Active Directory, if Windows Authentication is used for accessing the Dynamics NAV application. It also makes the administration a lot easier and manageable.
Some of the biggest advantages of using Active Directory and Windows Authentication
is that everything is manageable from within NAV (for database
administrators). One of our favorite and highly recommended approaches
is to use Windows groups. Using Active Directory Windows groups makes
the setup of users and management of existing users almost effortless.
Network administrators can just add the new Windows login to the
appropriate groups when creating new users for the Dynamics NAV
application.
Passwords
If we decide to use Database Authentication for our installation, we will have to specify passwords for all the database logins that we create.
To change the password for Dynamics NAV, go to Tools | Security | Password.
The following screenshot will prompt us to confirm our Current Password and then specify a New Password for the Dynamics NAV program (followed by a re-enter):