Data security in Microsoft Dynamics GP

Data security is one of major challenges for organizations. Therefore, we want to focus on the various components for which a low level security can represent an ‘open door’ to anyone who connects to your network.

I divided this subject into four parts:

  • Part 1. GP Security
  • Part 2. GP Databases
  • Part 3. GP Services
  • Part 4. Management Reporter

Part 1. GP Security

The GP Security helps increase the security of your Microsoft Dynamics GP environment. After adding up new users, you set access to companies and set up security for these new users. Also, each time you install a new component in Microsoft Dynamics GP, you must set up security for this component.

The GP Security encourages users to use strong passwords for their Microsoft Dynamics GP user account. An easy rule to apply is to never write down a password, you should create a combination of upper and lower case letters, numbers and special characters. This should means something easy to remember. Never leave the system password blank.

Microsoft Dynamics GP provides several types of security:

  • System
  • Company
  • Security Tasks
  • Security Roles
  • Individual Users
  • Modified Specific Tasks

System   System security controls access to system wide setup information, such as setting up new user records, assigning user security or printing reports that contain that information. System level security is controlled through the use of a password; only a few people should know the password

  • Open GP and select:
    • Administration >> Setup >> System >> System Password
    • Enter the current system password

    Company : :  Company security controls access to companies on a per-user basis. When you set up a new user record, that person doesn’t have access to any companies. You’ll need to grant access, using the User Access Setup window, before the user can log in to Microsoft Dynamics GP.

    Granting company rights to individual users allows you to control which users have access to the companies you’ve created. Be sure to set company access using the steps in this procedure each time you do either of the following things:

    • Create a new user recordIf you don’t set access, the user won’t be able to access any companies in Microsoft Dynamics GP,
      • User Access Complete this procedure within the User Access Setup window only to modify the settings you copied.
        • Administration >> Setup >> System >> User Access
      • Power Users SQL Users will be able to access all the company as system administrator
SQL UsersServer RolesMapping
SaSysadmin, publicAll GP companies including Dynamics
DYNSADB creator, securityadmin, publicAll GP companies including Dynamics
    • The database owner is set to DYNSA for every Microsoft Dynamics GP It is essential that DYNSA continue to be the owner of every Microsoft Dynamics GP database
    • When the DYNSA login is created, the login is assigned to the Security Admin and DB Creator Fixed Server Roles.
    • Access to the SY02400 table (System Password Master Table) in Report Writer is removed for all users.
  • Services Users SQL Users who have access to a certain database to be able to run a service and have access to GP
ServicesDescriptionServersUsersServer Roles
SQL Server (MSSQLSERVER)Storage, Processing and controlled access of dataSQLNT Service\MSSQLSERVERpublic, sysadmin
SQL Server Agent (MSSQLSERVER)Execute jobs, monitor SQL ServerSQLNT Service\SQLSERVERAGENTPublic, sysadmin
Report ServerSSRS Reports databaseSQLNT SERVICE\ReportServerpublic
eOne SmartConnect ServiceSchedule MapsSQLActive Directory userpublic, sysadmin
Management Reporter 2012 Application ServiceControls access to data and user connectivityAPPActive Directory userpublic, sysadmin
Management Reporter 2012 Process ServiceGenerates the reportsAPPActive Directory userpublic, sysadmin
eConnect for Microsoft Dynamics GP 2015 Integration ServiceIntegration service (Smartconnect)APPActive Directory userpublic, sysadmin

Report Users SQL User only to display SSRS reports


UsersServerServer RolesDatabase Roles
DynReportSQLpublicEach GP Company DB = Db_datareader, dyngrp, public (added manually)
SmartconnectSQLpublicSmartConnect DB = db_owner, public
  • Create a new company If you don’t set access, no users will be able to access the company
    • If you marked the Copy Access from Company option in Microsoft Dynamics GP Utilities when you created a new company, you’ve already specified the users who will have access to this company.

Security tasks:   Security tasks are assigned to roles and grant access to windows, reports, files, and other resources within Microsoft Dynamics GP that users need to access to complete a specific task. Some default security tasks have been created for you.

Security roles:   Security roles contain the security tasks that a user needs to access to do their job. Some default security roles have been created for you.

Individual users:   Individual security is role-based in Microsoft Dynamics GP. Each user must be assigned to a security role before they can access any forms, reports, or other data within Microsoft Dynamics GP.

Module-specific tasks:   Most Microsoft Dynamics GP modules have specific tasks that can be set up to require a password; each task can have a different password. If a password is required, all users attempting to complete that task must enter the password.

Read Part two: GP Databases Security >>


Send this to a friend