Dynamics NAV Security and Protection

Microsoft Dynamics NAV 2018 offers a security system that allows administrators to manage user access to the objects and information in the Dynamics NAV database. Because the MS Dynamics Navision database is in SQL Server, the Dynamics NAV security system and the SQL Server security system work together to help ensure that only authorized users can gain access to the MS Dynamics Navision database.

Dynamics NAV Security

An enterprise business solution must have a built-in security system that helps protect your database and the information that it contains from unauthorized access. It also allows you to specify what authorized users are allowed to do in the database, such as what data they can read and modify.

Dynamics NAV Security Overview

You can use the following table as a checklist to help set up a more secure Dynamics NAV environment.

| To | See |
| --- | --- |
| Install Dynamics NAV software. You must decide where to install the Dynamics NAV components. | Working with Microsoft Dynamics NAV Setup |
| Activate your Dynamics NAV license. | How to: Upload the License File |
| Create users. | How to: Create Microsoft Dynamics NAV Users |
| Assign users to permission sets. | How to: Define Permissions for Users |
| Configure Role Centers. | Profiles and Role Centers |
| Assign users to profiles. | Managing Users |

Enhancing Microsoft Dynamics NAV Server Security

Microsoft Dynamics NAV Server is a .NET-based Windows Service application that works exclusively with SQL Server databases. It offers an additional layer of security between the clients and the database. It leverages the authentication features of the Windows Communications Framework to offer another layer of user authentication, and it uses impersonation to ensure that the business logic is executed in a process that has been instantiated by the user who submitted the request. This means that authorization and the logging of user requests are performed on a per-user basis.

Login Account

After you install Microsoft Dynamics NAV Server, the default configuration is for the service to log on using the NT Authority\Network Service account. If Microsoft Dynamics Navision Server and SQL Server are on different computers, then we recommend that you configure Microsoft Dynamics NAV Server to log on using a dedicated Windows domain user account instead. This account should not be an administrator either in the domain or on any local computer. A dedicated domain user account is considered more secure because no other service, and therefore no other users, have permissions for this account.

Disk Quotas

Client users can send files to be stored on the MS Dynamics NAV Server, so we recommend that administrators set up disk quotas on all computers running Microsoft Dynamics NAV Server. This can prevent users from uploading too many files, which can make the server unstable. Disk quotas track and control disk space usage for NTFS volumes, which allows administrators to control the amount of data that each user can store on a specific NTFS volume.

Limiting Port Access

The Dynamics Navision Setup program opens a port in the firewall on the computer where you install Microsoft Dynamics NAV Server. By default, this is port 7046. To improve Dynamics NAV security, you can consider limiting access to this port to a specific subnet. One method is to use netsh, which is a command-line tool for configuring and monitoring Windows-based computers at the command prompt. The specific version of this command that you would use is netsh firewall set portopening. For example, the following command limits access to port 7046 to the specified addresses and subnets:

netsh firewall set portopening protocol=TCP port=7046 scope=subnet addresses=LocalSubnet  
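On current Windows versions the `netsh firewall` context is deprecated in favor of `netsh advfirewall firewall` and the NetSecurity PowerShell cmdlets. The following is an added example, not from the original article, that applies the same restriction with those cmdlets and then verifies it; it assumes the port is opened by port-based inbound allow rules and that it runs in an elevated session.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
# Assumption: the NAV Server port is opened by port-based inbound allow rules.
$port = '7046'   # default NAV Server port named in the article

# 1. Find enabled inbound allow rules that expose TCP 7046 to any remote address.
$exposed = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        $p.Protocol -eq 'TCP' -and
        $p.LocalPort -contains $port -and
        $a.RemoteAddress -contains 'Any'
    }
$exposed | Format-Table DisplayName, Profile

# 2. Narrow each of those rules to the local subnet only.
$exposed | Set-NetFirewallRule -RemoteAddress LocalSubnet

# 3. Verify: list every enabled inbound rule for the port with its remote scope.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains $port } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Action        = $_.Action
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
```

Rules that cover the port through a range or through "any port" are not matched by this filter and need a separate review.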

Data Encryption Between Microsoft Dynamics NAV Server and the SQL Server

When SQL Server and Microsoft Dynamics NAV Server are running on different computers, you can make this data channel more secure by encrypting the connection with IPSec.

Transparent Data Encryption (TDE)

You can use Transparent Data Encryption (TDE) to encrypt SQL Server and Azure SQL Database data files at rest. In a scenario where the physical media are stolen, a malicious party can just restore or attach the database and browse the data. With TDE you can encrypt the sensitive information in the database and protect the keys that are used to encrypt the data with a certificate. TDE performs real-time I/O encryption and decryption of the data and log files to protect data at rest. TDE can assist in the ability to comply with many laws, regulations, and guidelines established in various industries.
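The key hierarchy described above (database encryption key protected by a certificate, which is protected by the master key) looks like this when enabled on a SQL Server instance. This is an added example, not from the original article; it assumes the SqlServer PowerShell module and sysadmin rights, and the instance name, database name, certificate name and backup folder are placeholders.

```powershell
# Added example, not from the article. Requires the SqlServer module and sysadmin rights.
Import-Module SqlServer

$instance  = 'SQL01'               # placeholder: SQL Server instance
$database  = 'NAVDB'               # placeholder: NAV database name
$certName  = 'NavTdeCert'          # hypothetical certificate name
$backupDir = 'D:\TdeKeyBackup'     # placeholder: existing folder on the SQL Server host

# Prompt for secrets rather than storing them in the script; double any quotes for T-SQL.
function Read-Secret([string]$Prompt) {
    $s = Read-Host -Prompt $Prompt -AsSecureString
    [System.Net.NetworkCredential]::new('', $s).Password.Replace("'", "''")
}
$masterKeyPwd = Read-Secret 'Database master key password'
$backupPwd    = Read-Secret 'Certificate private key backup password'

$enable = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$masterKeyPwd';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = '$certName')
    CREATE CERTIFICATE [$certName] WITH SUBJECT = 'NAV TDE certificate';
-- Without this backup the encrypted database cannot be restored on another server.
BACKUP CERTIFICATE [$certName] TO FILE = '$backupDir\$certName.cer'
    WITH PRIVATE KEY (FILE = '$backupDir\$certName.pvk',
                      ENCRYPTION BY PASSWORD = '$backupPwd');
GO
USE [$database];
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE [$certName];
ALTER DATABASE [$database] SET ENCRYPTION ON;
"@
Invoke-Sqlcmd -ServerInstance $instance -Query $enable -DisableVariables

# encryption_state 2 = encryption in progress, 3 = encrypted.
Invoke-Sqlcmd -ServerInstance $instance -DisableVariables -Query @"
SELECT DB_NAME(database_id) AS database_name, encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;
"@
```

Move the certificate and private key backup files off the database server once they are written; anyone holding them together with a stolen backup can restore the data.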

Data Security

The Dynamics NAV Security system allows you to control which objects or tables a user can access within each database. You can specify the type of access that each user has to these objects and tables: whether they are able to read, modify, or enter information.

The Microsoft Dynamics NAV Security System

You can also specify which records stored in the tables each user is allowed to access. This means that permissions can be allocated at both the table level and the record level.

The security system contains information about the permissions that have been granted to each user who can access a particular database.

This information includes the roles that users have been assigned, as well as any permissions that have been granted to individual users.

There are four different levels of security:

  • Database
  • Company
  • Object
  • Record

Graphically, these can be represented as layers, where the central layer is the records in the database.

Configuring User Authentication

To configure Dynamics NAV to authenticate users, see the following topics:

  • Users and Credential Types
  • Authenticating Users with Microsoft Azure Access Control Service
  • Authenticating Users with Azure Active Directory
  • Authenticating Users with Active Directory Federation Services

Set Security Filters

You set Dynamics Navision security filters to limit the access that a user has to data in a table. You set the security filters on permission sets, which you assign to the users.

To set a security filter

  1. In the Search box, enter Permission Sets, and then select the related link.
  2. On the Permission Sets page, choose the permission set to which you want to add the security filter, and then choose Permissions.
  3. On the Permissions page, on the row for the table data to which you want to add the security filter, in the Security Filter column, choose the Assist Edit button. The Table Filter page opens.
  4. On the Table Filter page, in the Field Number column, choose the field on which you want to limit the user’s access. For example, if you want to create a security filter so that the user can see only the sales with a particular salesperson code, then choose the field number for the Salesperson Code field. The Field Caption column on the Table Filter page is filled in automatically after you choose the field number.
  5. In the Field Filter column, enter the value of the field that you want to use to limit access. For example, to limit the user’s access to Annette Hill’s sales, enter AH, which is the salesperson code for Annette Hill, in the Field Filter column.
