Create User or Assign Company Access Without Using sa

Microsoft Dynamics GPWith Microsoft Dynamics GP, there are only two user accounts which can, by default, create new users or assign access to companies; these the the sa (SQL Server System Administrator) and DYNSA (Dynamics GP System Administrator).

The former account should only be used when absolutely necessary (such as when implementing Microsoft Dynamics GP or moving it to a new SQL Server Instance; there are some ISV products which also insist on the sa account when it isn’t strictly necessary from a tecHnical perspective).

The recommended way of maintaining security is to configure a normal user account with the permissions necessary to create and assign users to companies. There are a few steps to go through to assign the relevant security.

Mark Polino did a post a while ago on adding users without using the sa account, but, in this post, Mark assigned the sysadmin role to the user. While this will do the job, and in fewer steps, I prefer to lock down security so users only have the permissions required, which precludes assigning a sysadmin role. The reason for this is both best practice, but also that I have several clients who will not allow the sysadmin role to be assigned to a GP user.

The following steps cover the minimum security required for a user to be able to add new users or assign them access to companies.

Assign the user to all companies in Microsoft Dynamics GP (this is done in the User Access Setup window (Administration area page » Setup » System » User Access):

User Access Setup

Continue reading “Create User or Assign Company Access Without Using sa”

Implementing Enhanced Notes: Configure Security

GP Elementz Enhanced NotesThis post is part of a series on Implementing Enhanced Notes from ISC Software Solutions.

When Enhanced Notes is deployed to a company, there are two security roles created:

  1. ENHANCED NOTES – which gives users access ton the Enhanced Notes instead of the standard Dynamics GP Notes window.
  2. ENHANCED NOTES SETUP – which allows users to change the configuration of the Enhanced Notes module.

All non-POWERUSER* users are automatically assigned the Enhanced Notes security role when it is installed, but future users will need to be assigned it via User Security Setup (Adminstration » Setup » System » User Security):

User Security Setup

Any user other than a POWERUSER* will need to be assigned the Enhanced Notes Setup role.

Have an enquiry for ISC Software Solutions?

If you’re interested in speaking to ISC Software about consultancy, upgrades, implementation, development, GP Elementz add-ons or portals, or anything else, you can use the form below.






Your Name (required):
Your Email (required):
Subject:
Enquiry message:

Implementing SmartConnect: Configure Security

eOne SolutionsThis post is part of the series on Implementing SmartConnect, an integration tool from eOne Solutions, which can take data from any source and integrate it into Microsoft Dynamics GP (and other systems such as Microsoft Dynamics CRM or Sales Force amongst others). It has a drag and drop interface to make creating integrations quick and easy for all users rather than just developers (as many integration tools target).

For SmartConnect to function correctly, the service account needs to be added as a user. Do this by opening the Security window from the Setup tab:

SmartConnect Setup tab

Continue reading “Implementing SmartConnect: Configure Security”

Implementing SmartConnect: Assign SQL Login Security

eOne SolutionsThis post is part of the series on Implementing SmartConnect, an integration tool from eOne Solutions, which can take data from any source and integrate it into Microsoft Dynamics GP (and other systems such as Microsoft Dynamics CRM or Sales Force amongst others). It has a drag and drop interface to make creating integrations quick and easy for all users rather than just developers (as many integration tools target).

A couple of days ago, I covered the installation of SmartConnect, but there are a few additional steps required.

One of these steps is to configure the SmartConnect account with access to update mdgp. This account is the one used by SmartConnect when running the maps; it requires DYNGRP access to all of the mdgp databases in order to both select, insert and update information.

To do this, open SQL Server Management Studio, expand the Security and Logins nodes, find the SmartConnect user account created during the installation, right-click and select Properties.

Select User Mapping, select the DYNAMICS database (assuming you’re using the default system database name), scroll down in the bottom of the window and mark DYNGRP:

SQL Login Properties

Repeat the above step for all of the companies databases and then click OK to commit the changes.

Hands On With Microsoft Dynamics GP 2018 R2 New Features: Increase Dynamics GP Password Maximum Length

Microsoft Dynamics GPThis post is part of the Hands On With Microsoft Dynamics GP 2018 R2 New Features series in which I am going hands on with the new features introduced in Microsoft Dynamics GP 2018 R2 (which was released on the 2nd October). I reblogged the new features as Microsoft announced them along with some commentary of how I thought they would be received by both my clients and I. In this series, I will be hands on with them giving feedback of how well they work in reality.

The eleventh new feature is Increase Dynamics GP Password Maximum Length. This feature sees the maximum length of user passwords increased from 15 to 21 characters:

User Setup

Any increase in the maximum length of passwords is to be welcomed, but, seeing as this change required a database schema change to increase the SQL field length from 15 to 21, I am a little surprised that the new length is only 21 characters.

Click to show/hide the Hands On With Microsoft Dynamics GP 2018 R2 New Features Series Index

Script to Insert Microsoft Dynamics GP 2018 R2 Missing Security

Microsoft Dynamics GPEach version of Microsoft Dynamics GP which is introduced sees additional functionality introduced; often this additional functionality means new windows are created. This in turns means that the security roles and tasks required by Dynamics Gp change.

A fresh install of Dynamics GP includes all of this new functionality by default, but an existing implementation is not updated.

The reason it isn’t automatically updated is to allow the client to decide if the new functionality should be updated or not. To facilitate this, the Dynamics GP Support and Services Blog provides a script for each version with SQL insert statements for the new roles and tasks.

I’ve previously had a post which I updated with this information, but have now created a permanent page linking to the scripts.

I’ll be keeping this page updated in future for all new versions.

MDGP 2018 R2 Feature of the Day: Password Expiration Notification

Microsoft Dynamics GPThe Inside Microsoft Dynamics GP blog has started a series Feature of the Day posts for Microsoft Dynamics GP 2018 R2 on which I am following and adding commentary. The series index for this series of posts is here.

The twelfth Feature of the Day is a password expiration notification.

This feature is a new notification reminding you that your password will expire in 7 days and prompting you to change it:

Password will expire in 7 days. Do you want to change it now?

I’d be a lot happier if the number of days is configurable as a reminder and reset prompt starting 7 days before expiry is too early a reminder. I have a few clients who have a password policy of the password expiring and needing to be reset every 30 days.

All a prompt 7 days before does is encourage users to change their password when first prompted; this means they change their passwords every three weeks. This massively contributes to password fatigue, leading to the users writing down their password on a post-it note as they don’t, or won’t, remember the password.

A very laudable addition, much beloved by people who write password policies, but, in my experience, the reality on the ground is that this type of policy and early reminder causes more problems than it solves.

Perhaps people would like to share their experience/perspective below? (Due to massive amounts of spam, comments need to be approved before they appear).

Click to show/hide the MDGP 2018 R2 Feature of the Day Series Index

MDGP 2018 R2 Feature of the Day: Increase Dynamics GP Password Maximum Length

Microsoft Dynamics GPThe Inside Microsoft Dynamics GP blog has started a series Feature of the Day posts for Microsoft Dynamics GP 2018 R2 on which I am following and adding commentary. The series index for this series of posts is here.

The eleventh Feature of the Day is increase Dynamics GP password maximum length.

This feature see the maximum length of the password usable with Dynamics GP increased from 15 to 21 characters.

Microsoft say that the length of the password in SQL is 21 and this has been matched that so now the maximum password length is the same for Dynamics GP.

User Password Setup

I’m not sure where in SQL the length is 21, as in Dynamics GP 2018 RTM, the password length on Users Master (SY01400) is 15 keyable characters; SQL Server supports password lengths of 128 characters.

While 21 characters is an improvement over 15, it would have been nice to see even longer passwords supported.

Click to show/hide the MDGP 2018 R2 Feature of the Day Series Index

Implementing Rockton’s SmartFill: Configuring Security

Rockton SoftwareThis post is part of a series of posts on Implementing Rockton’s SmartFill.

As it installs, SmartFill is accessible and the search windows can be used by all users.

It can also be administered by anyone with the POWERUSER* role. However, security can be maintained in two ways.

The first type of security allowsd the lookup windows to be restricted so certain lookup windows can be accessed only by certain users.

To change the security on, for example, the vendor lookup, select SmartFill Objects (Administration area page » Setup » SmartFill » SmartFill Objects). Scroll down and locate the Vendors in the list; select it and click OK:

SmartFill Objects

Continue reading “Implementing Rockton’s SmartFill: Configuring Security”