Thanks for the hint!
Well, "hardening" a NAV database outside the internal NAV security system is actually a really mean issue. Once this "$ndo$shadow" role was bypassed - e.g. simply using MS Excel to connect to the SQL Server - the only role applied is "public", which grants them way too many rights ...
My customer is quite aware of this and we have started a global "database security" project. And thanks to your advice we will consider the "guest" issue, too, of course.
But the primary goal was to get easy access to these remote Views, and that's solved (again, thanks a bunch).
Now we will dig into the "hardening" stuff ...
Jörg A. Stryk
MVP - MS Dynamics NAV