Sunday, November 13, 2011

Microsoft GP 10 Security Definitions "basics"

Security Overview

Microsoft Dynamics GP provides several types of security:

System - System security controls access to system-wide setup information, such as setting up new user records, assigning user security, or printing reports that contain that information. System level security is controlled through the use of a password; only a few people should know the password.

Company - Company security controls access to companies on a per user basis. When you set up a new user record, it does not have access to any companies. Grant access using the User Access Setup window before the user can log in to Microsoft Dynamics GP.

Security Tasks - Security tasks are assigned to roles and grant access to windows, reports, files, and other resources within Microsoft Dynamics GP that users need to access to complete a specific task. Security tasks are new to Release 10.0.

Security Roles - Security roles contain the security tasks that a user needs to access to do their job. Roles are then assigned to individual users of Microsoft Dynamics GP. Security roles are new to Release 10.0.

Individual Users - Individual security is role-based in Microsoft Dynamics GP. Users must be assigned to a security role before they can access any forms, reports, or other data within Microsoft Dynamics GP. To begin assigning user security, identify the daily tasks that a user completes within Microsoft Dynamics GP. Then, select from the default security roles or create new security roles that only grant access to the tasks that the user needs. This process has changed with Release 10.0.

Module-Specific Tasks - Most Microsoft Dynamics GP modules have specific tasks that can be set up to require a password; each task can have a different password. If a password is required, all users attempting to complete that task must enter the password. See the setup documentation for each accounting module for information about these passwords.

Account - Account-level security enhances security and account views. Users can enter, edit, and view information from a reduced account set based on the access granted for accounts.

Field Level Security - Field level security restricts access to any field, window, or form in Microsoft Dynamics GP. It allows you to apply a password, or to make a window or form unavailable. It also allows you to hide, lock, or apply passwords to fields.

Operations

A base level element of security for windows, for reports, for posting permissions, and for document access

Tasks

A group of operations that are needed to complete a business task

For example, a business task can be the Enter Vendors task or the Post Payables Transactions task

Roles

A group of tasks that defines a particular job in a company

DEFAULTUSER Role: automatically assigned to every role, grants access to basic areas that all GP Users need

POWERUSER Role: automatically assigned to sa user, grants access to all areas and modules of GP

Examples: Accounts Payable Specialist, Accounting Manager, Controller

Security Task & Security Roles:

Microsoft Dynamics GP 10.0 introduces new concepts for setting up security. The new security model takes a pessimistic view: new users have no access in the application, whereas previously security access had to be taken away from new users. Security tasks include access to the resources needed to complete certain tasks in the application, such as entering vendors. Security roles grant access to a group of tasks associated with the role. Finally, security roles can be assigned to users within the application.

  • Access to all windows, tables, reports and miscellaneous permissions is classed as Security Operations.
  • A set of Security Operations required to perform a specific task is assigned to a Security Task.
  • Multiple Security Tasks required to perform a specific role are assigned to a Security Role.
  • Each User and Company combination can then have multiple Security Roles assigned to it.

Note: Operations may be assigned to multiple Security Tasks and Security Tasks may be assigned to multiple Security Roles.

When a system administrator knows which window (or report) they wish to grant a user access to, but does not know which Security Tasks or Security Roles are associated with that window, there is no simple method to obtain this information from within the application. It is possible to scroll through each Security Task on the Security Task Setup window (Microsoft Dynamics GP >> Tools >> Setup >> System >> Security Tasks) and check whether the window is selected, but this is time-consuming. The Print Operation Access report, which can be printed after selecting the window, shows which users have access to the window, but not how that access was obtained through the Security Roles and Security Tasks.

Security Task: to grant access to windows, reports, files, and other resources within Microsoft Dynamics GP that users need to access to complete specific tasks.

Security Roles: to create new security roles, modify previously created roles, or modify default security roles.

Security Table Information

Security Operations for a Security Task are stored in table “sySecurityAssignTaskOperations (SY10700)”.
Security Tasks are defined in table “sySecurityMSTRTask (SY09000)”.

Security Tasks for a Security Role are stored in table “sySecurityAssignTaskRole (SY10600)”.
Security Roles are defined in table “sySecurityMSTRRole (SY09100)”.

Security Roles for a User and Company combination are stored in table “sySecurityAssignUserRole (SY10500)”.
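The five tables above can be joined to answer the question the application cannot: which Security Tasks and Security Roles grant a given window, and which User and Company combinations receive it through them. This is an added example, not code from the original post; it models the tables in an in-memory SQLite database, and the column names, resource ids and rows are assumptions constructed for illustration (the page gives table names only), so verify them against your own system database before adapting the query.

```python
import sqlite3

# Simplified stand-ins for the five tables named above. Column names are
# assumptions, not taken from the page; check them against your database.
SCHEMA = """
CREATE TABLE SY09000 (SECURITYTASKID TEXT, SECURITYTASKNAME TEXT);
CREATE TABLE SY09100 (SECURITYROLEID TEXT, SECURITYROLENAME TEXT);
CREATE TABLE SY10700 (SECURITYTASKID TEXT, DICTID INT, SECRESTYPE INT, SECURITYID INT);
CREATE TABLE SY10600 (SECURITYROLEID TEXT, SECURITYTASKID TEXT);
CREATE TABLE SY10500 (USERID TEXT, CMPANYID INT, SECURITYROLEID TEXT);
"""

# Constructed sample rows: ids, users and resource numbers are made up.
SAMPLE = {
    "SY09000": [("T_VEND", "Enter Vendors"), ("T_POST", "Post Payables Transactions")],
    "SY09100": [("R_APS", "Accounts Payable Specialist"), ("R_CTL", "Controller"),
                ("R_MGR", "Accounting Manager")],
    "SY10700": [("T_VEND", 0, 2, 1001), ("T_POST", 0, 2, 2002)],
    "SY10600": [("R_APS", "T_VEND"), ("R_MGR", "T_VEND"),
                ("R_CTL", "T_VEND"), ("R_CTL", "T_POST")],
    "SY10500": [("alice", 1, "R_APS"), ("bob", 1, "R_CTL"), ("bob", 2, "R_CTL")],
}

# Operation -> task -> role -> user/company. The LEFT JOIN keeps roles that
# grant the operation but are not assigned to anyone yet (user is NULL).
ACCESS_PATHS = """
SELECT r.SECURITYROLENAME, t.SECURITYTASKNAME, ur.USERID, ur.CMPANYID
FROM SY10700 op
JOIN SY09000 t  ON t.SECURITYTASKID = op.SECURITYTASKID
JOIN SY10600 tr ON tr.SECURITYTASKID = op.SECURITYTASKID
JOIN SY09100 r  ON r.SECURITYROLEID = tr.SECURITYROLEID
LEFT JOIN SY10500 ur ON ur.SECURITYROLEID = tr.SECURITYROLEID
WHERE op.DICTID = ? AND op.SECRESTYPE = ? AND op.SECURITYID = ?
ORDER BY r.SECURITYROLENAME, ur.USERID, ur.CMPANYID
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn

def access_paths(conn, dictid, restype, securityid):
    """Return (role, task, user, company) rows that grant one operation."""
    return conn.execute(ACCESS_PATHS, (dictid, restype, securityid)).fetchall()

if __name__ == "__main__":
    for row in access_paths(build_db(), 0, 2, 1001):
        print(row)
```

Rows with no user show a role that would grant the window as soon as it is assigned, which is worth reviewing before handing that role out.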

Field Level Security (termed Advanced Security in Dynamics GP V9.0) is an additional security layer (module) in Microsoft Dynamics GP that provides the ability to restrict access to any field, window or form. It offers several options for access restriction through Security Modes. The security modes that FLS provides are:

Password Before

Access to the field is restricted by a password that must be entered before the field is accessed

Password After

A password must be entered for any changes to the field to be saved

Warning Before

Access will be denied for a field combined with a warning

Lock Field

User can’t use or modify the field

Disable Field

Field will be displayed but will not be available

Hide Field

Field won’t be displayed

Password Window

Window level security – Must enter password while opening the window

Disable Window

Window level security – Only “sa” password is permitted for displaying the window

Password Form

Form Level Security – Must enter password for accessing the form

Disable Form

Form Level Security - Only “sa” password is permitted for displaying the form
