Data security in Microsoft Dynamics GP part 3

Microsoft GP and SQL Services

The following text will clarify what are the services and minimum requirement for service users:

  • SQL Services
  • GP Web Services
  • Security
  • Policy
  • Exception Login
  • Web Service Runtime
  • Web Service Management Tool
  • eConnect
  • SQL Server Reporting Services (SSRS)

Microsoft SQL Server Service

Characteristic of this service user:

  • Use a low-privilege domain account or the Local System account for SQL Server service (MSSQLSERVER)
    • Should have minimal rights in the domain
    • Should have only local user-level permissions in the domain
    • If SQL Server is using a domain administrator account to run the services, it compromises the entire domain

Microsoft Dynamics GP Services

GP Web Services

The Microsoft Dynamics GP Web Services are:

  • Fully integrated with the Dynamics Security Service
    • So only specified users are allowed to perform actions like creating or updating sales documents
  • Based on Windows Communication Foundation (WCF) and eConnect


Through the Dynamics Security service, the web service administrator will:

  • Configure which users and groups are able to execute the methods (operations)
    • If an application attempts to run a method for which the current user doesn’t have access, a security exception will be raised and the action will be prevented
  • Control through the Dynamics Security Administration console, which is a snap-in for Microsoft Management Console (MMC)


The policy system allows the web service administrator to control:

  • how business objects are created, updated, or deleted through the Dynamics GP service
    • Each create, update, and delete or void method has a policy object that is passed with the operation
  • Policy is configured using the Dynamics Security console

Exception Login

The Dynamics GP service maintains:

  • a record of all exceptions (errors) that occur for web service operations
    • The web service administrator will use this information to help diagnose and resolve any issues for applications that use the web service
    • You can use the Dynamics GP Web Services Exceptions console to view the exception information
    • This is a snap-in for Microsoft Management Console (MMC) that retrieves and displays the exceptions logged by the Dynamics GP service

Web Services Runtime

The runtime engine that adds a Web Services interface to Microsoft Dynamics GP:

  • Install this component if you want to run integrations that access Microsoft Dynamics GP data through Web Services

Web Services Management Tools

The Security Console and Exceptions Management Console, are used to:

  • Administer security and exception information for Web Services for Microsoft Dynamics GP

SQL Server Reporting Services (SSRS)

SQL Server Reporting Services is a server-based reporting platform, the reports that you create can be viewed and managed over a World Wide Web-based connection:

  • Users need extra privileges in SQL Server and Report Manager before they can view the Microsoft Dynamics GP data that is displayed in SQL Server Reporting Services reports
  • Default SQL Server roles are created when you install Microsoft Dynamics GP
    • Each SQL Server role that begins with “rpt_” has enough access to view the Microsoft Dynamics GP data that is displayed in a report
  • To view a SQL Server Reporting Services report, a user, or a Windows (local machine) group that the user belongs to, must be added as a member to the SQL Server roles that correspond to that report and the user must be granted access to that SQL Server Reporting Services report in Report Manager

Read Part 4. Management Reporter >>


Send this to a friend