What makes up the elements of security in Microsoft Dynamics GP?
One of the first things to keep in mind is that Dynamics GP security is only “granted”; it’s not assumed. That means that every User in your system must have been given the permissions that they have. As soon as you set up Users, they cannot do anything in Dynamics GP until you give them access to companies and grant them access to the tasks to do within each company. It is also “Role-Based”, so the Users must be granted their appropriate roles.
Every User created in Dynamics GP creates a User in your SQL environment. Each of the Users who are set up are then given a User assignment to the companies they should have access to. Users then need to be assigned User roles in each of the companies. Each of the User roles has at least one but possibly dozens of tasks assigned to those roles. Under each of these tasks is what we call sub tasks (these are the granular task details of what exactly Users can do in Dynamics GP).
Other security available in Dynamics GP (out of the box) is Account Security and Field Level Security. With these you can limit the accounts certain Users post to or set a big variety of security around various fields throughout Dynamics GP. You can hide them or make Users enter passwords before being able to modify fields.
One of the reasons that the system User who can create Dynamics GP User IDs needs a special login is specifically because this security right is authorised to make changes to SQL. Primarily it is to be able to add Users in SQL and grant access to companies. This is exactly what happens when adding a User.
TIPS FOR SECURITY
TIP: When adding Users or changing passwords, use the “Advanced SQL Server Options” to force Users to create their own passwords the first time they log in. This is the most recommended security for Users. Keep in mind that it will enforce the password policy of your system. Not SQL, but your Active Directory password policies are enforced here.
You can find out more about this here.
TIP: When replacing Users with new employees or when adding employees to the team who act in the same capacity as other team members, copy User security, access, home page roles, home page content (quick links and reports), and area pages to the new User. This is quite a handy shortcut and ensures that Users are set up uniformly.
TIP: If Modifying the Roles, copy the default roles (those with an asterisk in the name) and make your changes.
TIP: When creating new roles or copying from existing, use the Role Name field to list in summary the permissions. This is the field that displays in the User security window. This will make it easier to know what you are granting.
TIP: Make User security uniform to help with audits.
TIP: Out-of-the-box security reports won’t work. Find one of the views that several of the MVPs have developed to help report on securities in an Excel refreshable or SSRS report.
BIG TIP: If you have a sub-task and you need to see who exactly has access to this one specific sub-task, open that sub-task in any role at Administration>Security>Tasks. Highlight the sub-task, and in the bottom left corner, click to run the report—voila!
