Microsoft Dynamics NAV (Archived)

Database Security - Best Practices


Hello,

We've a Microsoft Dynamics 2009 NAV R2, based on a Role tailored environment.

I've a question concerning SQL Server access rights assignment.

The external consultant who did the installation insists that in order to grant a specific user the necessary rights to create a user within NAV, the operator must have at least SecurityAdmin rights at server level and db_owner + db_accessadmin for the NAV_DB and master db_accessadmin.

This kind of procedure seems rather odd and dangerous, especially if we consider that the SecurityAdmin role applies as well to all other DBs in the server.

Personally I would have expected the Classic Client to be able to impersonate a user (i.e.: the user that runs the NAV service) to create/delete/modify users.

I found this document that seems to confirm the database level access rights: http://msdn.microsoft.com/en-us/library/dd568727, although it doesn't mention anything for SecurityAdmin.

Do you have a final answer on this topic? Any official document?

Thanks,

Roberto.

  • Verified answer
    Nick Haman

    The link you reference is correct, there is no impersonate user option. So to recap, here is what is needed to create/sync users:

    1. Security admin at the server level. This is because we create logins at the server level. When a login is a member of security admin at the server level they don't need to be securityadmin at the database level.

    2. db_accessadmin on the NAV database and master. This is in order to create database users in both.

    3. db_owner of the NAV database.

    4. Granted “select on sysprocesses with grant option”

    5. Granted “view server state with grant option”

    NAV 2013 will be different, but this is how NAV 2009 works.

    Nick
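
An audit query for the rights listed in the answer above, as an added example that is not part of the original thread or of Microsoft's documentation. It lists which principals currently hold each grant, so the server-wide reach of securityadmin raised in the question can be reviewed. The database name NAV_DB is taken from the question; the column aliases are illustrative.

```sql
-- Added example: review who holds the rights NAV 2009 needs for user creation.
-- Assumption: the NAV database is named NAV_DB, as in the question.

-- 1. Members of the securityadmin fixed server role (applies to the whole server).
SELECT m.name AS login_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'securityadmin';

-- 5. Logins holding VIEW SERVER STATE.
--    state_desc = GRANT_WITH_GRANT_OPTION means they can pass it on to others.
SELECT p.name AS login_name, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'VIEW SERVER STATE'
  AND sp.state IN ('G', 'W');

-- 2 and 3. Members of db_owner and db_accessadmin in the NAV database.
USE NAV_DB;
SELECT DB_NAME() AS database_name, r.name AS role_name, m.name AS user_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_accessadmin');

-- 2. Members of db_accessadmin in master.
USE master;
SELECT DB_NAME() AS database_name, r.name AS role_name, m.name AS user_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_accessadmin';

-- 4. Users granted SELECT on sysprocesses (recorded in master).
SELECT u.name AS user_name, dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS u ON u.principal_id = dp.grantee_principal_id
JOIN sys.all_objects AS o ON o.object_id = dp.major_id
WHERE dp.class = 1              -- object-level permission
  AND o.name = N'sysprocesses'
  AND dp.permission_name = N'SELECT';
```

The numbers in the comments refer to the numbered items in the answer. Any login returned by the first query can manage logins for every database on the instance, not only for NAV.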

  • Roberto Santoro

    Thanks... Frankly I am a bit disappointed with such a poor user rights management and it doesn't seem very scalable to big enterprise level to me.

    Thanks a lot for your answer anyhow, it reassured me very much.

    Have a nice day,

    Roberto.
