Shawn Dorward – InterDyn Artis GP Related Security Presented by Shawn Dorward – InterDyn Artis Tweet During today’s meeting: @GPUG, #GPUGCharleston
SHAWN DORWARD Implementation Consultant GPUG Member for 6 Years! Favorite Benefit: Endless Resources (GPUG is the GP Manual!) Long Time Dynamics GP User and GPUG FAN! 17+ Years using Dynamics GP GPUG All-Star GPUG Summit Planning Committee (2014, 2015, 2016) & 2017!! GPUG Board of Advisors (2015) Carolinas Regional Chapter Leader (2012-Present)
Security for GP Related Products Learning Objective: Comprehensive review of security-related practices with Dynamics GP related applications
Session Overview Security Introduction Field Level Security Directory Accounts with GP MR Security Excel Reports SSRS Reports Account Security
Dynamics GP Application Security Overview Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Does not look at GP Security Does not Use DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Does not look at GP Security Accesses SQL via DYNGRP GP User Name does not allow SQL Access outside of GP GP Password is encrypted and not usable without the application and DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Uses GP Security Accesses SQL via DYNGRP GP User Name does not allow SQL Access outside of GP GP Password is encrypted and not usable without the application and DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Grants Access to Reports, Windows, and Forms Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Access to SQL Via Application Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application Security Overview Notice Power Users and other named users in GP can only access SQL via DYNGRP and the application Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS DYNGRP Dynamics GP Security SQL Server
Field Level Security What is it? How do I use it? When shouldn’t I use it? How to Manage Security
Field Level Security Common Questions answered by FLS: Can I password a field? Can I remove or hide a field?
Field Level Security Use the Field Level Security window to restrict access to any field, window, or form. You can apply a password or make a window or form unavailable. It also allows you to hide, lock, or apply passwords to fields.
Field Level Security Field Level Security Not available? Check Registration
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security is separate from GP Security DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security is separate from GP Security
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security is separate from GP Security
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Field Level Security is separate from GP Security
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Field Level Security is separate from GP Security DYNGRP Dynamics GP Security SQL Server
Field Level Security – Let’s Put it to work! Company List Users Security ID List
Field Level Security Lets Remove “DELETE” button from Payables Batch
Field Level Security First – Add a new Field Security ID
Field Level Security Next Choose the Product, Form and Window
Field Level Security Choose the Security ‘Mode’
Field Level Security Setup Password ID if using Password (Why are we not able to password the delete button?)
Field Level Security Passwords can be changed or reset by a user with access to field level security Once the Field Security ID is setup, it must be assigned to user(s) and company(s).
Field Level Security
Field Level Security Click the user(s) Click the company(s) Select the ID(s) Notice Pending # Hit Apply
Field Level Security Password Before You must enter a password before getting access to a field. Password After You must enter a password after modifying a field for the changes to be saved. Warning Before A warning will be displayed and access to that field will be denied. Lock Field You can’t use or modify the field. Disable Field The field will be displayed but it will not be available. Hide Field The field won’t be displayed. Password Window You must to enter a password before access to the window is permitted. Disable Window Enter the system administrator’s password to have access to the window. Password Form Users/classes must enter a password before access to the form is permitted. Disable Form You must enter the system administrator’s password to modify the form.
Field Level Security Tips User must log out and back in Use in Test first Use modifier to find field ID Use ‘Print’ to generate ‘audit’ report
Dynamics GP Application Field Level Security Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Questions? DYNGRP Dynamics GP Security SQL Server
Directory Accounts with GP What is it? How do I use it? When shouldn’t I use it? How to Manage Security
Directory Accounts with GP Windows Account Select the Windows account to assign to the user ID. The Window account cannot be assigned to more than one Microsoft Dynamics GP user. This field is not available for sa and DYNSA users.
Directory Accounts with GP Web Client Only Option If this is marked, the Directory account is required! No SQL User Account created
Dynamics GP Application How does it Fit? Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security DYNGRP Dynamics GP Security SQL Server
Dynamics GP Application How does it Fit? Dynamics GP Application
How does this fit? Dynamics GP Web Client SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Directory Accounts Not Available Shared SQL User that is assigned DYNGRP Dynamics GP Security SQL Server
How does it Compare? Dynamics GP Web Client Only Dynamics GP Security SQL Server DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Directory Account Not Available Shared SQL User that is assigned DYNGRP Dynamics GP Security SQL Server
How does it Compare? Dynamics GP Web Client Only Dynamics GP Security SQL Server DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Shared SQL User that is assigned DYNGRP Dynamics GP Security SQL Server
Directory Accounts with GP If user accesses GP from thick client, GP User name is used If user accesses GP from web client, AD account is used.
Directory Accounts with GP Dynamics GP Web Client Questions? SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Field Level Security Field Level Security Directory Accounts Not Available Shared SQL User that is assigned DYNGRP Dynamics GP Security SQL Server
MR Security What is it? How do I use it? When shouldn’t I use it? How to Manage Security
MR Security Connection to DB Windows Authentication? SQL User? For companies that use the data mart, security is based on the user’s Windows authentication. A separate user name and password are not required for company connection access.
MR Security Users AD Based
MR Security Groups (Not AD!) Groups are a great way to manage permissions to companies, reporting tree units and folders.
MR Security Assign new users to groups to make administering MR security much easier!
MR Security Use groups or users in Tree Security!
MR Security MR Roles
MR Security
MR Security Report Library
MR Security
How does this look? MR Application MR Application Legacy DataMart SQL Server MR Group MR Role MR Application Legacy Company Connection User Access Active Directory User Stored “Service” Account SQL Server MR Group MR Role MR Application DataMart Company Connection User Access Active Directory User Windows Authentication
Excel Reports Security What is it? How do I use it? When shouldn’t I use it? How to Manage Security Want to Deploy? Tools/Setup/System/Reporting Tools Setup Click Excel Reports Tab Pick Location to Deploy/Publish Pick Company Name to Deploy Select Publish
Excel Reports Security Authenticated Via AD AD Part of SQL Role Create New AD Group Assign Group access to SQL Role Copy/Paste with Connection File Share File Folder
Excel Reports Security SQL Server SQL Reporting Role Excel Reports User Access Active Directory User
SSRS Reports What is it? How do I use it? When shouldn’t I use it? How to Manage Security
SSRS Reports Remember those RPT_Roles? Use them here too! Folder Security Report Security Active Directory Groups Datasource Settings
SSRS Reports System Roles (From Reporting Services)
SSRS Reports Role Assignments (From Reporting Services) By User or Group (Both from Active Directory)
SSRS Reports Role Assignments Customize?
Reporting Service Role SSRS Reports SQL Reporting Role Reporting Service Role SSRS Reports User Access Active Directory User SQL Server
Let’s Put it all together! Dynamics GP Security SQL Server DYNGRP Dynamics GP Application SA DYNSA POWERUSER ALL OTHER USERS Field Level Security ??? Dynamics GP Security SQL Server Shared SQL User that is assigned DYNGRP Dynamics GP Web Client Only SA DYNSA POWERUSER ALL OTHER USERS Field Level Security Directory Account Not Available SQL Server SQL Reporting Role Excel Reports User Access Active Directory User SQL Reporting Role Reporting Service Role SSRS Reports User Access Active Directory User SQL Server SQL Server MR Group MR Role MR Application DataMart Company Connection User Access Active Directory User Windows Authentication SQL Server MR Group MR Role MR Application Legacy Company Connection User Access Active Directory User Stored “Service” Account
Let’s Put it all Together GP WebClient SQL Excel Reports MR SSRS Reports User Name sdorward domain\sdorward Windows Account Access to SQL DYNGRP N/A SQL rpt_ Role Service Account
Account Security Activate Account Security (Do this with a plan in place and a test company first) Tools >> Setup >> Company >> Company
Account Security Define Org Structure Categories: Tools >> Setup >> System >> Org Structures
Account Security Define Org Structure Categories: Tools >> Setup >> System >> Org Structures
Account Security Assign Accounts to Category
Account Security Assign Org Structure to User Tools/Setup/System/User
Account Security Reference: http://mohdaoud.blogspot.com/2010/06/dynamics-gp-account-level-security_109.html
Shawn Dorward @ShawnMDorward Shawn.Dorward@InterDynArtis.com 9/23/2019 3:39 AM Shawn Dorward Shawn.Dorward@InterDynArtis.com @ShawnMDorward © 2016 Dynamic Communities. All rights reserved. DYNAMIC COMMUNITIES MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.