Etelligent Solutions

Based on the title, does this article apply to you?  If you don’t know how can you find out? It it does apply to you what should you do?  These are the questions that I will address in this post.

Organizations that started using Dynamics GP on version 9 or earlier, and are now on version 10 or later were previously faced with transitioning to the current Dynamics GP security model.  During that transition there was a choice to start fresh and set up GP security from scratch within the new role-based model, or to convert security settings from the old model to the new through the creation of conversion roles.  It is organizations that chose to convert their security settings from the old model and have continued to use those converted roles that this article applies to.

If you are not sure if this article applies to you can find out by checking User Security to see if any active user is assigned a security role that has a prefix of CNV ( see Figure 1) and a Role Description stating that it is a converted role (see Figure 2).

Figure 1

Figure 2

During the security conversion process, described above, a unique security role/task combination was created for each user/company combination that existed at the time of upgrade.  Those conversion objects ensured that users would have the exact security access for each company in the upgraded version of Dynamics GP that they had before the upgrade.  But the converted roles/tasks have not been adequate “Go Forward” because they have not provided access to new elements (windows,reports, and files) introduced by that upgrade or any subsequent upgrade. Also, managing security in such a granular fashion is not efficient.  So if you are still using converted security roles you are making your GP security management more difficult and time consuming than it needs to be.

So what can be done?  I suggest redoing your GP security now, either in preparation for upgrade to GP 2013 or as follow up to your recent upgrade. Start by setting up the required security roles needed for your organization (this analysis will take some time), assign the new roles to your users, then un-assign the converted roles and delete them along with the converted tasks.

To set up the required security roles I recommend copying the “out of the box” (default) roles that are closest to your needs and naming the copies with a consistent prefix so they will appear together within your list of roles.  Then modify the copied roles so that only the default tasks needed for each role is assigned.  I suggest using the default tasks because new elements are added to these tasks during upgrades. I don’t suggest using default roles because inherently they don’t provide for segregation of duties.

For organizations that need to ensure audit compliance or want additional tools to manage their GP security there are ISV products available from Fastpath and Rockton Software for those purposes. Check out their company websites for more information.   Also any organizations can enhance their GP security management by installing the Support Debugging Tool and using the Security Profiler and Security Information features in analyzing and troubleshooting their current settings. Follow the link for details and contact your GP Partner if you want to obtain the Support Debugging Tool.

The current role-based security model in Dynamics GP is big improvement over the previous model.  Don’t handicap your security management by trying to continue using converted roles.  Clean up your act (meaning your security setup)!


Sheldon Gitzel, ERP Consultant for Etelligent Solutions Inc.

Etelligent Solutions - Edmonton, Calgary ERP and CRM