Skip to main content
Dynamics 365 Community / Blogs / Dynamics GP Support and Services Blog / ESS Security Roles in Micro...

ESS Security Roles in Microsoft Dynamics GP 2013 and Microsoft Dynamics GP 2015 - What do they give users access to?

Derek Albaugh Profile Picture Derek Albaugh

There's been some question on the ESS users and especially the ESS security roles, and users being able to access this and that.

The goal here is to put all of this information into one area that can be used for reference, as to what users are given, by default, via these ESS security roles.

**NOTE: If a user is setup as a Self Service type user, the security roles and tasks work differently as a Self Service type user is only meant to create requisitions, enter time and expenses, enter project time and expenses, benefits self service and workflows. The Limited user type can do what a Self Service user can do plus all inquiry, reports and SmartLists.**

https://community.dynamics.com/gp/b/gpteamblog/archive/2014/12/17/what-are-the-self-serve-and-limited-users

There are six ESS security roles:

--ESS EMPLOYEE MANAGER*

--ESS EMPLOYEE*

--ESS EMPLOYEE_BSS*

--ESS EMPLOYEE_CLTM*

--ESS PTE EMPLOYEE*

--ESS PURCHASE REQUESTER*

The ESS EMPLOYEE MANAGER* security role gives users access to the following security tasks:

      --DEFAULTUSER
      --EMP_PROFILE_MANAGER_01*
      --EMP_SKILLS_MANAGER_01*
      --EMP_TIME_MANAGER_001*

The objects that each of these security role/security task combinations give users access to are:

ESS EMPLOYEE MANAGER* / EMP_PROFILE_MANAGER_01*:

--Windows/Forms: Employee Profile

--Navigation Lists: Historical Timecards, HRP Workflow Pending Approval, In-Transit Transfers, My Team and W2-Wage and Tax Statement.

ESS EMPLOYEE MANAGER* / EMP_TIME_MANAGER_001*:

--WIndows/Forms: Timecard Entry

--Navigation Lists: Timecards Pending Approval

ESS EMPLOYEE MANAGER* / EMP_SKILLS_MANAGER_01*:

--Windows/Forms: Employee Skills & Training

--Navigation Lists: My Team

The ESS EMPLOYEE* security role gives users access to the following security tasks:

      --DEFAULTUSER
      --EMP_BENEFITS_EMPLOYEE_01*
      --EMP_DIRECTDEP_EMP_01*
      --EMP_PAYSTUBS_EMPLOYEE_01*
      --EMP_PROFILE_EMPLOYEE_01*
      --EMP_SKILLS_EMPLOYEE_01*
      --EMP_TIME_EMPLOYEE_001*
      --EMP_W2_EMPLOYEE_01*
      --EMP_W4_EMPLOYEE_01*

The objects that each of these security role/security task combinations give users access to are:

ESS EMPLOYEE* / EMP_BENEFITS_EMPLOYEE_01*:

--Windows/Forms: Benefits View

ESS EMPLOYEE* / EMP_DIRECTDEP_EMP_01*:

--Windows/Forms: Employee Direct Deposit

--Navigation Lists: HRP Workflow Pending Approval

ESS EMPLOYEE* / EMP_PAYSTUBS_EMPLOYEE_01*:

--Reports: Reprint Pay Statement Report

--Navigation Lists: Paystubs

ESS EMPLOYEE* / EMP_PROFILE_EMPLOYEE_01*:

--Windows/Forms: Employee Profile

--Navigation Lists: HRP Workflow Pending Approval

ESS EMPLOYEE* / EMP_TIME_EMPLOYEE_001*:

--Windows/Forms: Timecard Entry, Timecard History

--Service Enabled Procedures: ServiceCreateTimecard, ServiceCreateTimecardLines, ServiceGetEmployeeDetails, ServiceGetPaycodesListAll, ServiceGetPayScheduleAll, ServiceGetResctionCode, ServiceGetTimecard, ServiceUpdateTimecardLine, ServiceGetActiveTimecardList, ServiceRecallTimecard, ServiceSubmitTimecard, ServiceGetApprovedTimecardList, ServiceGetSubmittedTimecardList

--Navigation Lists: Current Timecards, Historical Timecards

ESS EMPLOYEE* / EMP_SKILLS_EMPLOYEE_01*:

--Windows/Forms: Employee Skills and Training, Tests Lookup, Skill Sets Lookup

--Navigation Lists: HRP Workflow Pending Approval

ESS EMPLOYEE* / EMP_W2_EMPLOYEE_01*:

--Reports: W-2 One-Wide Forms with Box report

--Navigation Lists: W2 - Wage and Tax Statement

ESS EMPLOYEE* / EMP_W4_EMPLOYEE_01*:

--Windows/Forms: W4-Employee's Withholding Certificate

--Navigation Lists: HRP Workflow Pending Approval

The ESS PURCHASE REQUESTER* security role gives users access to the following security tasks:

       --ADMIN_PURREQ_021*
       --DEFAULTUSER
       --INQ_PURREQ_005*
       --TRX_PURREQ_026*

The objects that each of these security role/security task combinations give users access to are:

ESS PURCHASE REQUESTER* / ADMIN_PURREQ_021*:

--Files: Purchase Order Line, Purchasing Comment, Purchasing Setup Table, Purchase Order Work, SOP_POPLink, Purchasing Requisition Work, Purchasing Requisition History, Purchasing Requisition Line, Purchasing Requisition Line History, and Purchasing Requisition User Access.

ESS PURCHASE REQUESTER* / INQ_PURREQ_005*:

--Windows/Forms: Account Entry, Exchange Rate Entry Zoom, Purchasing Comment Inquiry Zoom, PO Commitment for Document Inquiry Zoom, Purchase Ship To Address Inquiry, Document Attachment Inquiry, Attachment Properties, Document Attachment Status Inquiry, Purchase Requisitions, Purchase Requisitions Inquiry, Purchase Requisitions Inquiry Zoom, Analytical Requisition Transaction Inquiry Zoom (if Analytical Accounting installed).

--Navigation Lists: Purchasing Requisition Transactions

ESS PURCHASE REQUESTER* / TRX_PURREQ_026*:

--Windows/Forms: Account Entry, Exchange Rate Entry, Exchange Rate Entry Zoom, Purchasing Comment Inquiry Zoom, Purchasing Comment Entry, Purchasing Ship To Address Entry, PO Commitment for Document, Purchasing Ship To Address Inquiry, Document Attachment Management, Attachment Properties, Document Attachment Status Inquiry, Copy A Requisition, Purchase Requisition Entry, Purchase Requisitions, Analytical Requisition Transaction Entry (if Analytical Accounting installed), Validation Log Requisition Transaction Entry (if Analytical Accounting installed).

--Navigation Lists: Purchasing Requisition Transactions

The ESS PTE EMPLOYEE* security role gives users access to the following security tasks:

       --DEFAULTUSER
       --PADEFAULTUSER*
       --PTE_EXPENSE_ENTRY_001*
       --PTE_TIME_ENTRY_001*

The objects that each of these security role/security task combinations give users access to are:

ESS PTE EMPLOYEE* / PTE_EXPENSE_ENTRY_001*: (all if Project Accounting is installed)

--Windows/Forms: PTE Employee Expense Entry, PTE Inquiry Zoom Employee Expense, PTE Employee Expense Inquiry.

--Navigation Lists: PTE Expenses

ESS PTE EMPLOYEE* / PTE_TIME_ENTRY_001*: (all if Project Accounting is installed)

--Windows/Forms: PTE Timesheet Entry, PTE Inquiry Zoom Timesheet, PTE Timesheet Inquiry

--Navigation Lists: PTE Timesheets

The ESS EMPLOYEE-BSS* security role gives users access to the following security tasks:

       --EMP_BSS_EMPLOYEE_01*

The objects that each of these security role/security task combinations give users access to are:

ESS EMPLOYEE-BSS* / EMP_BSS_EMPLOYEE_01*: (All if HRM Solution Series is installed)

--Windows/Forms: Enrollment Submission, Benefits View

--Reports: APR Benefit Enrollment Report

--Navigation Lists: Benefit Enrollments

The ESS EMPLOYEE-CLTM* security role gives users access to the following security tasks:

       --EMP_CLTM_EMPLOYEE_01*

The objects that each of these security role/security task combinations give users access to are:

ESS EMPLOYEE-CLTM* / EMP_CLTM_EMPLOYEE_01*: (All if Certification Manager is installed)

--Windows/Forms: Employee Skills, Training, Licenses and Certifications, Tests Lookup and Skill Sets Lookup.

The ESS PTE EMPLOYEE* security role also gives access to the PADEFAULTUSER* security task, which gives users access to 79 different windows/forms for Project Accounting.

The ESS EMPLOYEE MANAGER*, ESS EMPLOYEE*, ESS PTE EMPLOYEE* and ESS PURCHASE REQUESTER* security roles also give access to the DEFAULTUSER security task, which gives access to anywhere from 275 to 302 windows/forms depending on what features are installed for Microsoft Dynamics GP, as well as 8 different reports.

Hopefully this will give information on what each of the ESS security roles and tasks give uses access to by default, so if you're trying to setup users with these security permissions, this will help in determining which security roles you need to assign these users to give them the security permissions needed to access what they need to be able to, in order to do their work.

Remember, even with the same security roles and tasks assigned to users, whether they are setup as a Full, Limited or Self Service user will also impact what they do and do not have security access to, so you'll want to test accordingly, especially with Self Service user types.

Thank you!!

Comments

*This post is locked for comments

  • Derek Albaugh Profile Picture Derek Albaugh
    Posted at

    Hello Beat Callen, here are the links you're looking for:

         1. New Security Roles and Tasks are missing when upgrading to Microsoft Dynamics GP 2015 R2

               community.dynamics.com/.../new-security-roles-and-tasks-are-missing-when-upgrading-to-microsoft-dynamics-gp-2015-r2

         2. New Security Roles and Tasks are missing when upgrading to Microsoft Dynamics GP 2015

               community.dynamics.com/.../new-security-roles-and-tasks-are-missing-when-upgrading-to-microsoft-dynamics-gp-2015

          3. New Security Roles and Tasks are missing when upgrading to Microsoft Dynamics GP 2013 R2

                community.dynamics.com/.../missing-new-security-roles-and-task-when-upgrading-to-gp-2013-r2

    These are just insert scripts to add security roles and tasks we've seen that are new to GP 2013 R2, GP 2015 and GP 2015 R2 that don't get added when doing an upgrade, compared to if a new install of the application was done. If you get any 'primary key' errors running any or all of these three scripts, it simply means that record is already present in the table, which is what we want.

    Cindy, if the user is set to a 'Self Service' user, that may change what the user can actually access and view, as the Self Service type limits what a user can see and do. I'd create a support case to look at that if you haven't already.

    Paul, I believe it is R2 for Dynamics GP 2015 and you also need registration keys that give you access to so many self service type users in Dynamics GP.

    Thanks,

  • callen Profile Picture callen 4,595
    Posted at

    Where are the scripts to create the roles for those clients that upgrade?

  • Community Member Profile Picture Community Member Microsoft Employee
    Posted at

    Derek,

    I have a client that just rolled out the Project Time & Expense to it's employees on January 1.  We are running into a weird issue where the employees can't view the past timesheets.  When I look at the information above, it looks like the PTE_TIME_ENTRY_001 role should be allowing the self service users access to the PTE Inquiry Zoom Timesheet, but that is not the case.  I only see that operation available if the User Type is set to Full....Any idea if you have realized this issue already and there is a way for me to fix it for my client?

  • Paul Johnson Profile Picture Paul Johnson 215
    Posted at

    How does self service users work if you are on GP 2015 and not GP 2015 R2.  It appears you only have the option of assigning users as full or limited user.  Can someone still use self service users in GP 2015 RTM and assign the user to the ESS roles?

  • Beat Bucher GP Geek GPUG All Star Profile Picture Beat Bucher GP Gee... 28,002 Super User
    Posted at

    Thank you Derek for this detailed information.

    It would also a good idea to point out the fact that those roles are not created automatically when you upgrade from a previous system like GP 10 or GP 2010, and need to run a script to create those missing roles.

  • Community Member Profile Picture Community Member Microsoft Employee
    Posted at

    This is helpful, a list of the  ESS Security Roles in Microsoft Dynamics GP 2013 and Microsoft Dynamics