I use NAV 2009 R2 with classic client. I want to create security role for few sales people. I want to allow them to make sales orders and posting sales invoices. But, in the same moment I don't want them can see customer card and customer entries. Also, I don't want to allow them to see few reports. This is problem for me. If I deny them Customer and Customer Ledger Entry tables, they can't choose customer in order and they can't post invoices. Can some help me?
You can add all this Table Data with allow permission and they can post invoices. But, you need to set next form with not allow: Customer Card, Customer Ledger Entries and Detailed Cust. Ledg. Entries.
They must to have Customer List form with allow. If you configure your roles as this, they can use these tables data, but they cannot run these forms. Customer List form is mandatory to allow, because they use this form when they choose customer on Sales Order Header.
On the same way you can set not allowed reports. Only you must to be careful that you do not add to these users some role where Form or Report Object Types has a 0 filled in Object ID. 0 allows access to all forms/reports.
You can use indirect permission, as well, but you need to watch is indirect permission in your code.
You can make some mix with this idea. I hope, you can solve your problem.
(please) Dont try "deny"ing...principle is to "grant" permission.
And "grant permission" comes in 2 flavours : direct(=yes) and indirect.
Looks as probable you need indirect granting on ledger ?