Microsoft Dynamics Nav 2009

Synchronizes the information about a single user account in the Microsoft Dynamics NAV security system with the Microsoft SQL Server security system.




The Windows user account that you want to synchronize. You must specify a domain and user name, such as 'cronus\simon'.

If you use case-sensitive collations in SQL Server, then the case of the user account must match the case of the user account in SQL Server.

To run this function, you must have the permissions that are described in the following table.

Location Role

SQL Server

securityadmin or sysadmin


db_owner or db_securityadmin

Microsoft Dynamics NAV


To run this function, the license that is uploaded to the server must contain permissions for the Tools/Security granule. This is the same granule that is required if you synchronize logins from the Classic client.

If you are running with the Standard Security Model, then automatic synchronization occurs when you insert, modify, or delete a Windows login. If you are running with the Enhanced Security Model, then no automatic synchronization occurs, and you must manually synchronize security information.

You use this function only from the RoleTailored client or from Web services. If you call this function from the Classic client, then no action occurs.

End-user permissions do not change until the RoleTailored client is restarted.

Before the login is synchronized, this function verifies that there are no active database transactions in the current session that have not been committed. If there are transactions that have not been committed, then the SYNCHRONIZESINGLELOGIN function fails with the following error message:

C/AL function < function name > is not allowed in write transactions. Use the COMMIT function to save the changes before this call, or structure the code differently.

Open transactions that are in a separate session and have not been committed to the database do not affect the success or failure of the SYNCHRONIZESINGLELOGIN function. For example, if there are open transactions in a separate client or separate Web service session from the client or session that is executing the SYNCHRONIZESINGLELOGIN function, then these transactions do not cause the SYNCHRONIZESINGLELOGIN function to fail.

To synchronize all logins, use the SYNCHRONIZEALLLOGINS Function (Database).

This example retrieves the SID for a Windows user account, initializes the ID field based on the SID, inserts the new account into the Windows Login table, and then synchronizes the new account. This example requires that you create the following variables.

Name DataType Subtype Length







Windows Login


UserAccount := 'cronus\simon';
MyRecord.SID := SID(UserAccount);

Community Additions