User Does Not Have Access Privileges Microsoft Word
-->
Word cannot open the document: user does not have access privileges. Client has 2 offices with the 2003 server physicaly in one of the offices but none of client pc's log onto the domain, all part of workgroup so they all run as seperate pc's. I copied documents from one pc in the office with the server to the server. On the server created a. In word I can insert an equation via equation editor 3.0- but if I try to edit that equation I get the message 'Word cannot open the document: user does not have access privileges'. I can insert and edit in both Wordperfect and Excel - just not in Word how can I get rid of or get around this message.
To control data access, you must set up an organizational structure that both protects sensitive data and enables collaboration. You do this by setting up business units, security roles, and field security profiles.
Tip
Check out the following video: How to set up security roles.
Security roles
A security role defines how different users, such as salespeople, access different types of records. To control access to data, you can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Each user can have multiple security roles. See Predefined security roles.
Security role privileges are cumulative: having more than one security role gives a user every privilege available in every role.
What Does It Mean When Word Says User Does Not Have Access Privileges
Each security role consists of record-level privileges and task-based privileges.
Record-level privileges define which tasks a user with access to the record can do, such as Read, Create, Delete, Write, Assign, Share, Append, and Append To. Append means to attach another record, such as an activity or note, to a record. Append to means to be attached to a record. More information: Record-level privileges.
Task-based privileges, at the bottom of the form, give a user privileges to perform specific tasks, such as publish articles.
The colored circles on the security role settings page define the access level for that privilege. Access levels determine how deep or high in the organizational business unit hierarchy the user can perform the specified privilege. The following table lists the levels of access in the app, starting with the level that gives users the most access.
Icon | Description |
---|---|
Global. This access level gives a user access to all records in the organization, regardless of the business unit hierarchical level that the environment or the user belongs to. Users who have Global access automatically have Deep, Local, and Basic access, also. Because this access level gives access to information throughout the organization, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the organization. The application refers to this access level as Organization. | |
Deep. This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit. Users who have Deep access automatically have Local and Basic access, also. Because this access level gives access to information throughout the business unit and subordinate business units, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business units. The application refers to this access level as Parent: Child Business Units. | |
Local. This access level gives a user access to records in the user's business unit. Users who have Local access automatically have Basic access, also. Because this access level gives access to information throughout the business unit, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business unit. The application refers to this access level as Business Unit. | |
Basic. This access level gives a user access to records that the user owns, objects that are shared with the user, and objects that are shared with a team that the user is a member of. This is the typical level of access for sales and service representatives. The application refers to this access level as User. | |
None. No access is allowed. |
Important
To ensure that users can view and access all areas of the web application, such as entity forms, the nav bar, or the command bar, all security roles in the organization must include the Read privilege on the Web Resource
entity. For example, without read permissions, a user won't be able to open a form that contains a web resource and will see an error message similar to this: 'Missing prvReadWebResource
privilege.' More information: Create or edit a security role
Record-level privileges
PowerApps and customer engagement apps (Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Field Service, Dynamics 365 Marketing, and Dynamics 365 Project Service Automation), use eight different record-level privileges that determine the level of access a user has to a specific record or record type.
Privilege | Description |
---|---|
Create | Required to make a new record. Which records can be created depends on the access level of the permission defined in your security role. |
Read | Required to open a record to view the contents. Which records can be read depends on the access level of the permission defined in your security role. |
Write | Required to make changes to a record. Which records can be changed depends on the access level of the permission defined in your security role. |
Delete | Required to permanently remove a record. Which records can be deleted depends on the access level of the permission defined in your security role. |
Append | Required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append rights on the note. The records that can be appended depend on the access level of the permission defined in your security role. In case of many-to-many relationships, you must have Append privilege for both entities being associated or disassociated. |
Append To | Required to associate a record with the current record. For example, if a user has Append To rights on an opportunity, the user can add a note to the opportunity. The records that can be appended to depend on the access level of the permission defined in your security role. |
Assign | Required to give ownership of a record to another user. Which records can be assigned depends on the access level of the permission defined in your security role. |
Share | Required to give access to a record to another user while keeping your own access. Which records can be shared depends on the access level of the permission defined in your security role. |
Overriding security roles
The owner of a record or a person who has the Share privilege on a record can share a record with other users or teams. Sharing can add Read, Write, Delete, Append, Assign, and Share privileges for specific records.
Teams are used primarily for sharing records that team members ordinarily couldn't access. More information: Manage security, users and teams.
It's not possible to remove access for a particular record. Any change to a security role privilege applies to all records of that record type.
Team member's privilege inheritance
User and Team privileges
- User privileges: User is granted these privileges directly when a security role is assigned to the user. User can create and has access to records created/owned by the user when Basic access level for Create and Read were given. This is the default setting for new security roles.
- Team privileges: User is granted these privileges as member of the team. For team members who do not have user privileges of their own, they can only create records with the team as the owner and they have access to records owned by the Team when Basic access level for Create and Read were given.
A security role can be set to provide a team member with direct Basic-level access user privileges. A team member can create records that they own and records that have the team as owner when the Basic access level for Create is given. When the Basic access level for Read is given, team member can access records that are owned by both that team member and by the team.
This member's privilege inheritance role is applicable to Owner and Azure Active Directory (Azure AD) group team.
Note
Prior to Team member's privilege inheritance release in May 2019, security roles behaved as Team privileges. Security roles created before this release are set as Team privileges and security roles created after this release are by default set as User privileges.
Create a security role with team member's privilege inheritance
Prerequisites
These settings can be found in the Power Platform admin center by going to Environments > [select an environment] > Settings > User's + permissions > Security roles.
Make sure you have the System Administrator or System Customizer security role or equivalent permissions.
Check your security role:
- Follow the steps in View your user profile.
- Don't have the correct permissions? Contact your system administrator.
Select an environment and go to Settings > User's + permissions > Security roles.
On the command bar, select New.
Enter a role name.
Select the Member's privilege inheritance drop-down list.
Select Direct User/Basic access level and Team privileges.
Go to each tab and set the appropriate privileges on each entity.
To change the access level for a privilege, select the access-level symbol until you see the symbol you want. The access levels available depend on whether the record type is organization-owned or user-owned.
Note
You can also set this privilege inheritance property for all out-of-the-box security roles except the System Administrator role. When a privilege inheritance security role is assigned to a user, the user gets all the privileges directly, just like a security role without privilege inheritance.
You can only select Basic level privileges in the member's privilege inheritance. If you need to provide access to a child business unit, you will need to elevate the privilege to Deep; for example, you need to assign a security role to the Group team and you want the members of this group to be able to Append to Account. You setup the security role with a Basic level member's privilege inheritance and in the Append to Account privilege, you set it to Deep. This is because Basic privileges are only applicable to the user's business unit.
-->If you get a new employee, your company's system administrator or IT pro has to add them to your Dynamics NAV. Then, you can assign them access to the relevant parts of the product based on their work area by assigning user groups and permissions.
Permission sets define which database objects, and thereby which UI elements, users have access to, and in which companies.
A permission set is a collection of permissions for specific objects in the database. All users must be assigned one or more permission sets before they can access Dynamics NAV. A number of predefined permission sets are provided by default. You can use these permission sets as already defined, modify the default permission sets, or create additional permission sets.
You can add users to user groups. This makes it easier to assign the same permission sets to multiple users.
Administrators can use the User Setup window to define periods of time during which specified users are able to post, and also specify if the system logs the amount of time users are logged on.
To assign permissions to a user
- Choose the icon, enter Users, and then choose the related link.
- Select the user that you want to assign permission to.Any permission sets that are already assigned to the user are displayed in the Permission Sets FactBox.
- Choose the Edit action to open the User Card window.
- On the User Permission Sets FastTab, on a new line, fill in the fields as necessary. Choose a field to read a short description of the field or link to more information.
To group users in user groups
You can set up users groups to help you manage permission sets for groups of users in your company. You can use a function to copy all permission sets from an existing user group to your new user group. User group members are not copied.
Choose the icon, enter User Groups, and then choose the related link.
Alternatively, in the Users window, choose the User Groups action.
In the User Groups window, select an existing user group that you want to copy, and then choose the Copy User Group action.
In the New User Group Code field, specify the name of the new user group, and then choose the OK button.
As an alternative to copying, you can choose the New action to create a new line for an empty user group, which you then fill in manually.
To add new or additional users, in the User Group window, choose the User Group Members action.
In the User Group Members window, on a new line, fill in the fields as necessary by selecting from existing users.
To add new or additional permission sets, in the User Group window, choose the User Group Permission Sets action.
In the User Group Permission Sets window, on a new line, fill in the fields as necessary by selecting from existing permission sets.
To create or modify permission sets
If the default permission sets that are provided with Dynamics NAV are not sufficient or not appropriate for your organization, you can create new permission sets. And if the individual object permissions that define a permission set are not adequate, you can modify a permission set. You can create a permission set manually, or you can use a recording function that records your actions as you navigate through a scenario and then generates the required permission set.
To create or modify permission sets manually
Choose the icon, enter Users, and then choose the related link.
In the Users window, choose the Permission Sets action.
In the Permission Sets window, choose the New Action.
On a new line, fill in the fields as necessary.
Choose the Permissions action.
In the Permissions window, fill in the fields on the header as necessary.
On a new line, fill in the five fields for the different permission types as described in the following table.
Option Description Blank Specifies that the permission type is not granted for the object. Yes Specifies that the permission type is granted with direct access to the object. Indirect Specifies that the permission type is granted with indirect access to the object. Indirect permission to a table means that you cannot open the table and read from it, but you can view the data in the table through another object, such as a page, that you have direct permission to access. For more information, see the “Example - Indirect Permission” section in this topic.
In the Security Filter field, enter a filter that you want to apply to the permission by selecting the field on which you want to limit a user's access.
For example, if you want to create a security filter so that a user can view only sales with a specific salesperson code, you choose the field number for the Salesperson Code field. Then, in the Field Filter field, you enter the value of the that you want to use to limit access. For example, to limit a user's access to only Annette Hill's sales, enter AH.
Repeat steps 7 and 8 to add permissions for additional objects to the permission set.
To create or modify permission sets by recording your actions
Choose the icon, enter Users, and then choose the related link.
In the Users window, choose the Permission Sets action.
In the Permission Sets window, choose the New Action.
On a new line, fill in the fields as necessary.
Choose the Permissions action.
In the Permissions window, choose the Start action.
A recording process starts to capture all your actions in the user interface.
Go to the various windows and activities in Dynamics NAV that you want users with this permission set to access. You must carry out the tasks that you want to record permissions for.
When you want to finish the recording, return to the Permissions window, and then choose the Stop action.
Choose the Yes button to add the recorded permissions to the new permission set.
For each object in the recorded list, specify if users are able to insert, modify, or delete records in the recorded tables. See step 7 in the 'To create or modify permission sets manually' section.
Example - Indirect Permission
You can assign an indirect permission to use an object only through another object.For example, a user can have permission to run codeunit 80, Sales-Post. The Sales-Post codeunit performs many tasks, including modifying table 37, Sales Line. When the user posts a sales document, the Sales-Post codeunit, Dynamics NAV checks if the user has permission to modify the Sales Line table. If not, the codeunit cannot complete its tasks, and the user receives an error message. If so, the codeunit runs successfully.
However, the user does not need to have full access to the Sales Line table to run the codeunit. If the user has indirect permission to the Sales Line table, then the Sales-Post codeunit runs successfully. When a user has indirect permission, that user can only modify the Sales Line table by running the Sales-Post codeunit or another object that has permission to modify the Sales Line table. The user can only modify the Sales Line table when doing so from supported application areas. The user cannot run the feature inadvertently or maliciously by other methods.
To set up user time constraints
Administrators can define periods of time during which specified users are able to post, and also specify if the system logs the amount of time users are logged on. Administrators can also assign responsibility centers to users.
- Choose the icon, enter User Setup, and then choose the related link.
- In the User Setup window opens, choose the New action.
- In the User ID field, enter the ID of a user, or choose the field to see all current Windows users in the system.
- Fill in the fields as necessary.
User Does Not Have Access Privileges Ms Word
See Also
Microsoft Word Error User Does Not Have Access Privileges
Getting Ready for Doing Business
Setup and Administration in Dynamics NAV
Welcome to Dynamics NAV
Working with Dynamics NAV
Creating Microsoft Dynamics NAV Users