Standard vs Enhanced security in Navision

I was going to reply in this thread:

 http://dynamicsuser.net/forums/p/24479/130567.aspx#130567

But felt it better to keep this as a seperate thread.

So I personally only ever use Standard Security model. In my personal experience the only case I have ever seen for enhanced is in simplifying SOX compliance. This is only a percieved benefit, not a rael one.

SOX compliance in it self is basically like building a Potemkin Village, so my question is to ask "does Enhanced actually give additional security, or is it just a misguided belief."

I brought one client to SOX compliance, on 3.70 BEFORE Enhanced security. In that case though the cost was that we had to have seperate doucmentation abotu how Navision controls table security compared to how SQL is handling it on its own. i think that cost 9of a few pages of documentation) is far outweighed by the cost of managing Enhanced security.

But I really would like to hear other peoples opinions on this.

I have the same opinion and have always implemented standard Security Model. Last project the consultant had mentioned that the difference and client chose Enhanced SOX. It would take 3 hours to sync the security. The idea behind enhanced security model, I think was a hacker could crack the finsql.exe and you could then do anything you wanted on sql provided you had some login/pw. That standard has one application role, and if a hacker cracked the password, then they would/could do more damage. So it is safer for server to handle security than the client. So if the idea is that to be SOX complaint is to be on safer system, then all companies should go and use unix, or linux, or mainframes, not that they are, or use vpn or scan retinas every 10 seconds. But obviously that's not practical. So if Enhanced Security model is not practical, it will jeopardize the success of the project, I would keep it at standard. The client can always implement it 3 week later or whenever the auditors bring it up. Which will be never.

Well as I said, SOX is nothing more than a Potemkin Village designed to create employment for a certain category of consultants. I totally agree that some of the ridiculous hoops they make their client jump through often open up huge security gaps.

But my impression with Enhanced security is not really to make it more secure, but to make it eaier for SOX consultant to sign off that it is secure, since they can go into SQL and run a script that shows that what security is set and they dont need to go into Navision at all.

This was the issue we had on this 3.70 install, that we had to basically train the SOX consultant in NAV security, so he could eel happy that the Accountants could not delete GL entries etc.

 

I really appreciate your input on this Rashed. Thanks.

We have written reports in NAv for security that auditors run.

Rashed:

We have written reports in NAv for security that auditors run.

 

In our case the customer had purchased the full App builder and SOln developer licenses, so the auditors also needed control over the controlers.

 

It was a fun project.