As most of you know, Microsoft changed how security is setup and maintained with GP 10. Security is now defined for each user on a company-by-company basis, instead of the old way of assigning security to Classes and then assigning users to those Classes. Based on personal experience and a compilation of Microsoft KnowledgeBase articles, here’s an overview of GP 10.0 Security.
BASIC COMPONENTS
• Operation: Base level of security (ex: windows, reports, posting permissions)
• Task: A group of operations that are needed to complete a business task (i.e. Enter Payables Transaction would include access to the appropriate window, posting permissions, and appropriate reports)
• Role: A group of tasks that defines a particular job in a company (i.e. AP Clerk)
SQL SECURITY TABLES
In previous versions of Microsoft Dynamics GP, security was handled in the SY02000 and the SY40300 tables. However, with GP 10, these tables are removed and replaced with the following tables:
• SY09000: Task master
• SY09100: Role Master
• SY09200: Alternate or modified form and report ID master
• SY01500: Role assignment master
• SY10550: DEFAULTUSER task ID assignment master
• SY10600: Tasks assignments master
• SY10700: Operations assignments master
• SY10750: DEFAULTUSER task assignment
• SY10800: Alternate or modified form and report ID assignment master
So I know we’ve all had those times when we can’t figure out how to grant someone access to that one specific window. Or, we know we had assigned access to that window but can’t remember what task or role we assigned the access to. Here’s a way to figure out what Security Roles and Security Tasks are associated with a specific window or with a specific report. (In order to perform the steps below the user will have to have access the SQL tables, typically an IT administrator)
First, we need to populate the Security Resource Descriptions table. Follow these steps within GP:
1. Click Microsoft Dynamics GP, point to Maintenance, and then click Clear Data to open the Clear Data window.
2. On the Display menu, click Physical.
3. In the Series list, click System.
4. In the Tables pane, click the Security Resource Descriptions table, and then click Insert.
5. Click OK.
6. Click Yes.
7. In the Report Destination window, select the Screen check box, and then click OK to send the Report to the screen.
8. Close the report.
Next, open either Microsoft SQL Query Analyzer or Microsoft SQL Server Management and run the following query to find out what roles and tasks are associated with a specific window or report. You can specify the window or the report by changing the in the last line of the query. If no security roles are assigned to the tasks OR no security tasks are assigned to the operation, the table will be blank:
SELECT ISNULL(A.SECURITYROLEID,”) AS SECURITYROLEID,
ISNULL(M.SECURITYROLENAME,”) AS SECURITYROLENAME,
–ISNULL(M.SECURITYROLEDESC,”) AS SECURITYROLEDESC,
ISNULL(O.SECURITYTASKID,”) AS SECURITYTASKID,
ISNULL(T.SECURITYTASKNAME,”) AS SECURITYTASKNAME,
–ISNULL(T.SECURITYTASKDESC,”) AS SECURITYTASKDESC,
R.PRODNAME, R.TYPESTR, R.DSPLNAME, R.RESTECHNAME, R.DICTID, R.SECRESTYPE, R.SECURITYID
FROM DYNAMICS.dbo.SY09400 R
FULL JOIN DYNAMICS.dbo.SY10700 O ON R.DICTID = O.DICTID
AND O.SECRESTYPE = R.SECRESTYPE AND O.SECURITYID = R.SECURITYID
FULL JOIN DYNAMICS.dbo.SY09000 T ON T.SECURITYTASKID = O.SECURITYTASKID
FULL JOIN DYNAMICS.dbo.SY10600 A ON A.SECURITYTASKID = T.SECURITYTASKID
FULL JOIN DYNAMICS.dbo.SY09100 M ON M.SECURITYROLEID = A.SECURITYROLEID
WHERE R.DSPLNAME = ”