web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics NAV (Archived) / Working with AD securi...
Microsoft Dynamics NAV (Archived)

Working with AD security groups

(0) ShareShare
ReportReport
Posted on by Stefan Gabriel 180

Hi there,

I did setup a pretty good security system for Windows file system security based on AD security groups. I tried to use that also for permissions in NAV 9.0R2, but that seems not to work correctly. I didn't find any documentation about that on the MS sites.

For instance:

- AD user Joe is member of the AD group "Sales Manager"

- AD group "Sales Manger" itself is member of the AD group "Sales"

- I added user Joe to NAV and gave him the roles "All" and "Basic". Therefore Joe is able login and view some basic information.

- Then I added group "Sales" to NAV and granted several roles needed for sales actitivity to that group

- After that I did a "Synchronize all Logins" to ensure Joe gets the permissions

- Expected bevaviour: since Joe is an indirect member of AD group "Sales" (through "Sales Manager"), he should get the permissions of "Sales". At least that is what Microsoft does for file system permissions.

But unfortunately that does not seem to work. NAV seems to take only direct assigned groups into account.

Any suggestions?

Regards

Stefan

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Neville Foyn Profile Picture
    Neville Foyn 4,320 on at

    Hi,

    Not sure what the official word on this is but from our testing that is how it works yes, only direct allocation, so in your example you would need to add the Sales Manager permissions to the NAV permission set to make it work not to the group the sales managers belong to.... hope that makes sense

  • Suggested answer
    Canto Profile Picture
    Canto 5 on at

    Hi Stefan,

    I has having the same problem and found your post. Even though some time has passed, I'm writing this for anyone that needs it.

    I 've further research and learned that you have to use the Extended Security Model in the database.

    You can check more information here and here.

    Best regards

    Ricardo Canto

  • Community Member Profile Picture
    Community Member on at

    Does this also work for NAV 2013R2?

  • Gunnar Gestsson Profile Picture
    Gunnar Gestsson 65 on at

    They have fixed this in newer versions.

  • Community Member Profile Picture
    Community Member on at

    Hello,  does it means is available also in NAV 2013 R2, or in NAV 2015 only?

  • keoma Profile Picture
    keoma 32,729 on at

    since nav 2013 it's necessary to create a nav account for each user. but you can skip setting a role (permission set), when adding the AD group(s) as NAV user(s) with type "windows group".

  • Community Member Profile Picture
    Community Member on at

    Hi,

    This is how I always did it. Add users to NAV, because for certain modules they need to be in. From RTC you need tem for the profile config i.e. . I nver assign roles to the users individualy, only to the security groups.

    When a new user starts in your company, you have to add him/her to the correct security group, and add the user to NAV.

    kr,

    Francis

  • Community Member Profile Picture
    Community Member on at

    Hi,

    I am also struggling with the configuration of AD User groups and NAV 2016.

    I want to install NAV 2016 in our University.

    We have an Active Directory with some Groups for students, lectures, admin etc.

    If I add an User directly to the WindowsClient (RTC) it works fine.

    But if I add our AD Group for example "Students", the members of these Groups are not able to log on.

    Because we have to many Students, it is not possible to add everyone . 

    Does someone as a solution for this Problem.

    Thanks in advance

    Stefan

  • Suggested answer
    keoma Profile Picture
    keoma 32,729 on at

    check if that windows group is also added as user in the database with needed permissions.

  • Community Member Profile Picture
    Community Member on at

    The Group is added to the SQL Server and the NAV DENO DB.

    The access from the development environment (ClassicClient) works fine.

    Only if you want to run a Page, Table in the Windows Client(RTC) you get the Message that the user does not have the permission to access MS Dynamics NAV.

    In 2016 I also miss the security configuration options: standard and enhanced.In the older versions it could be found on the options tab of the alter database configuration

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics NAV (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans