Security is an important part
of any ERP system and Dynamics GP provides a robust security model that
rolls up individual item access into tasks and tasks into roles. Roles
can then be applied to individual users, providing fine grain control of
security with minimal work after the initial setup.
While the setup and maintenance of security in
Dynamics GP could fill a book by itself, there are a couple of critical
settings that every administrator needs to be aware of.
Dynamics GP security contains
a master switch that turns all security on or off. The original purpose
of this switch was to allow setup and testing of the system while
security was still being configured. Then, like Chevy Chase's Christmas
lights in the movie National Lampoon's Christmas Vacation, a master
switch could be flipped and security would be active. As Dynamics GP has
matured it has become easier to add users to a Power User role, giving
them access to everything in the system during setup and testing while
leaving security active. The master security switch still remains and
administrators need to ensure that it is on.
Located below the security master switch is an
Account Security switch. Often users think that if security is on,
turning on account security must mean more security. What account
security does is it limits access to accounts based on an organizational
structure that needs to be set up first. If an organization structure
is not set up all users are denied access to the chart of accounts and
it appears that the chart of accounts has been deleted. Few checkboxes
in Dynamics GP can induce the stomach-dropping fear that comes with
inadvertently selecting the Account Security checkbox. This is easily one of the most panicky support calls I see and certainly it is the one with the easiest fix.
Setting up security and account security aren't
recipes, they are more like Thanksgiving dinners. For this recipe, we'll
trim it down to a snack and show how to ensure that security is on and
account security is off.
How to do it...
To activate security and deactivate account security in Dynamics GP:
1. Select Administration from the Navigation Pane. Select Company under the Setup and Company headers on the Administration Area Page.
2. Select the Security checkbox on the lower right to activate security. If it is already marked, security is on; congratulations!
3. Below that is the Account Security checkbox. Simply deselect the checkbox to ensure that account security is off.
How it works...
These are two very basic settings that often trip up
administrators. It's maddening to see a very detailed security model
with a lot of work put into it and then find the Security
checkbox deselected. Don't even think about the effect on an
administrator's career if an auditor finds this checkbox deselected.
It's also career limiting to have the CFO asking where the chart of
accounts has disappeared to because someone accidently turned on account
security. Don't misunderstand, account security is a great feature;
it's just not one that should be turned on lightly.
There's more...
Given the power of these checkboxes, access to them
should be secured as well. For complicated security setups and
additional security features consider third-party solutions.
Security for Security
The Security and Account Security checkboxes are powerful. Once they are set up correctly, it is important that security be restricted to the Company Setup window to prevent a user from disabling security entirely by simply deselecting a checkbox.
Security Solutions
There are several third-party
solutions that build on Dynamics GP security making security management
easier and adding additional features. For example, FastPath's Config
AD product synchronizes user passwords with Windows Active Directory
passwords to allow multiple single sign on options. Additionally, Config
AD provides an interface outside of Dynamics GP to assign security
roles to users. This allows a central security manager to assign
Dynamics GP security to users without using up a Dynamics GP license or
providing excessive access to the security manager.