image Microsoft Dynamics NAV comes packed with a set of predefined roles for many tasks such as editing or posting journals, creating sales orders, editing fixed assets, etc. It also comes packed with a SUPER role, which can do just about anything it wants.

There are two problems with the SUPER role. They are kind of pretty much entangled together.

The first one is—SUPER can do just about anything it wants (um, did I say that already?). The second one is—there are far more super users out in the wild than there should be. Is this your experience, too?

Working as a consultant, and having seen sorts of horror situations such as developers accidentally DELETEALL-ing the G/L Entry table or posting test invoices in production database, I often suggest to my customers to simply setup up a SUPER-READONLY user role, which still has access to everything, but just cannot make any changes. With this, you just eliminate any possible risk of someone accidentally doing mess in the system (which is exceptionally easy in NAV 4.0 and above, except for 2009 with RTC if you follow Mark’s ingeniously simple tip).

All you need to do is:

1. Go to Tools, Security, Roles

2. Create a new role, call it SUPER (READ-ONLY)

3. Click on permissions

4. Populate the form with values such as these:

Read-only role setup for NAV

And that’s it. So now you can assign this role to your consultants and your support personnel and give them a full unrestricted read-only access to the whole system, without having to worry if any action they did will lose your sleep at night.

Read this post at its original location at, or visit the original blog at )