web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / Security Tables - Post...
Microsoft Dynamics GP (Archived)

Security Tables - Posting Permissions

(0) ShareShare
ReportReport
Posted on by K Day 7,365

I am trying to query the security tables.  I am able to pull what I need so far.  We are going through SOX audit and I'm trying to make some reports that we can use moving forward.

But now I get to the question of "Show me all users that have access to Post in A/R, A/P and G/L"

When linking to my security operations table SY09400, I am able to get Windows and Reports (SECRESTYPE 2 and 23)

But what about Posting permissions?  I see in the  SY10700, I have the SECRESTYPE of 600 that I have Identified as Posting Permissions through trial and error.  But what table to I look these up in?

For Example, In the SY10700 table, I have a SECRESTYPE of 600 and a SECURITYID of 301.  This equates to "Receivable Sales Entry Posting Access"  SECRESTYPE of 600 and a SECURITYID of 203 means they can post General Journal Entries.

But where do I look this up. Certainly I don't have to hard code this, right?

 

*This post is locked for comments

I have the same question (0)
  • L Vail Profile Picture
    L Vail 65,271 on at

    K Day,

    If SY10700 will tell you all of the tasks that include a posting permission (SECRESTYPE 600), then you need to identify all of the users who have roles that include any of those tasks. Yes?

    Probably someone will come through with the SQL statement. It's probably out there somewhere.

    Kind regards,

    Leslie

  • Richard Whaley Profile Picture
    Richard Whaley 25,195 on at

    First, there is the Security Role Assignment report that lists all users that are assigned to particular security roles.  Of course, there are reports that list what objects (ie windows) can be reached via each role.

     To know who can run what, you need to populate the Security Resource Table (under maintanance, clear data for the Security Resource Descriptions, yes clearing the data actually loads an empty table or reloads an existing table with current data).

    Then run the following script:

    SELECT ISNULL(A.SECURITYROLEID,'') AS SECURITYROLEID, ISNULL(M.SECURITYROLENAME,'') AS SECURITYROLENAME, --ISNULL(M.SECURITYROLEDESC,'') AS SECURITYROLEDESC,

    ISNULL(O.SECURITYTASKID,'') AS SECURITYTASKID, ISNULL(T.SECURITYTASKNAME,'') AS SECURITYTASKNAME, --ISNULL(T.SECURITYTASKDESC,'') AS SECURITYTASKDESC,

    R.PRODNAME, R.TYPESTR, R.DSPLNAME, R.RESTECHNAME, R.DICTID, R.SECRESTYPE, R.SECURITYID

    FROM DYNAMICS.dbo.SY09400 R

    FULL JOIN DYNAMICS.dbo.SY10700 O ON R.DICTID = O.DICTID AND O.SECRESTYPE = R.SECRESTYPE AND O.SECURITYID = R.SECURITYID

    FULL JOIN DYNAMICS.dbo.SY09000 T ON T.SECURITYTASKID = O.SECURITYTASKID

    FULL JOIN DYNAMICS.dbo.SY10600 A ON A.SECURITYTASKID = T.SECURITYTASKID

    FULL JOIN DYNAMICS.dbo.SY09100 M ON M.SECURITYROLEID = A.SECURITYROLEID

    WHERE R.DSPLNAME = 'Customize Home Page'

     

    All of this and more can be found in the Dynamics GP Security Handbook, available from your partner or our web site.

  • L Vail Profile Picture
    L Vail 65,271 on at

    This script is great for finding out which task/role includes the named object. In this example it's the 'Customize Home Page' window. A lot of good information in the Security book too.

    I think Victoria Yudin has a post that will return who has access to which security task at

    http://victoriayudin.com/2010/05/13/sql-view-with-security-and-smartlist-details-in-gp/ 

    pair this view with the information you discovered about the posting permissions task and you should have what you need.

    Kind regards,

    Leslie

     

     
  • K Day Profile Picture
    K Day 7,365 on at

     Thanks Leslie and Richard,

    I did notice that someone who said that they worked for Microsoft Services commented on Victoria's article:

    SECRESTYPE of 1 = Tables, 600 =Series Posting Permissions, 900 = Navigation Lists. The omission of the Series Posting Permissions I believe is worth noting. I am working on a tool that will include all of these resources descriptions, when it is ready for prime time I will let you know.

    So it looks like they are missing.  Which is strange because the Security Task report that you can print from the Secirity Task window specifically lists them by name, so they must be grabbing them from somewhere.  I may run a SQL trace while running that report and see if I can't uncover something.

    Kevin

     

  • Pudster01 Profile Picture
    Pudster01 5 on at

    Hi Kevin,

    Did you ever finish the tool that includes all the resource descriptions?

  • Kevin Day Profile Picture
    Kevin Day 610 on at

    Well, I have worked on it over time and have something that seems to work pretty well.  I did it all through trial and error though.  It isn't a tool as much as it is a SQL script.  We have installed some new products since and I am getting some NULLS....so basically here is what I can offer.  It isn't perfect, but I have been able to use it for the things I need.  A couple of notes...there is a company ID hard coded in here for one sub query.  TWO.  If you don't have the test company, then switch it to another GP Company.  You also need to follow some instructions on adding the resource descriptions to the (think it is the DYNAMICS..SY09400).  That table is blank until you "Clear Data" from it and it re-populates itself.  There are articles out there about populating the Resource Descriptions table.

    Here it is.  Hopefully someone will get some use out of it.

    USE DYNAMICS

    GO

    WITH

    --CTE FOR SMARTLIST NAMES

    SMARTLIST_CTE  (SECURITYID, DICTID, SECRESTYPE, ASI_DICTID, SL_OBJID, SmartlistObject, ResType)

    AS

    (

    SELECT SECURITYID, DICTID, SECRESTYPE, ASI_DICTID, SL_OBJID, SmartlistObject,'Smartlist' ResType

    FROM

    (

    SELECT SECURITYID, DICTID, SECRESTYPE, SECURITYID / 65536 ASI_DICTID, SECURITYID % 65536 SL_OBJID

    FROM SY10700 WHERE SECRESTYPE = 1000 AND DICTID = 1493

    ) ST

    JOIN

    (

    SELECT coalesce(TRANSVAL, ASI_Favorite_Name) SmartlistObject, ASI_Favorite_Dict_ID, ASI_Favorite_Type

    FROM ASIEXP81 F LEFT JOIN ASITAB30 A ON F.ASI_Favorite_Name = A.UNTRSVAL AND A.Language_ID = 0

    WHERE ASI_Favorite_Save_Level = 0

    ) SM

    ON ST.ASI_DICTID = SM.ASI_Favorite_Dict_ID AND ST.SL_OBJID = SM.ASI_Favorite_Type

    )

    ,

    --CTE FOR SERIES POSTING PERMISSIONS

    POSTING_PERM_CTE (DICTID, SECURITYID, SECRESTYPE, Series, ResourceName, TRXSOURC)

    AS

    (SELECT DISTINCT

    0 as DICTID

    ,CONVERT(VARCHAR(1), SERIES) + CASE WHEN LEN(SEQNUMBR) = 1 THEN '0' ELSE '' END +   CONVERT(VARCHAR(2), SEQNUMBR) as SECURITYID

    ,'600' as SECRESTYPE

    ,CASE SERIES

    WHEN 1 THEN 'All'

    WHEN 2 THEN 'Financial'

    WHEN 3 THEN 'Sales'

    WHEN 4 THEN 'Purchasing'

    WHEN 5 THEN 'Inventory'

    WHEN 6 THEN 'Payroll'

    WHEN 7 THEN 'Project'

    WHEN 10 THEN '3rd Party'

    ELSE 'Unknown'

    END as [Series]

    ,'Series Posting Permissions' as [ResourceName]

    ,TRXSOURC

    FROM TWO..SY01000

    WHERE 1=1

    and SEQNUMBR <> 0)

    SELECT * FROM (

    SELECT DISTINCT

    RTRIM(T.SECURITYROLEID) as [Security Role ID]

    ,RTRIM(coalesce(T.SECURITYTASKID,'')) as [Security Task ID]

    ,coalesce(R.DICTID,SO.ASI_DICTID,PO.DICTID,'') [Dictionary ID]

    --,O.DICTID as [Dictionary ID]

    ,RTRIM(DICT.PRODNAME) as [Product Name]

    ,RTRIM(coalesce(NULLIF(ISNULL(R.Series_Name, ''), ''),PO.[Series],DICT.[PRODNAME],'')) as [Resource Series]

    ,O.SECRESTYPE as [Resource Type Number]

    ,CASE O.SECRESTYPE

    WHEN 1 THEN 'Files'

    WHEN 2 THEN 'Window'

    WHEN 23 THEN 'Report'

    WHEN 100 THEN 'Rockton Tools'

    WHEN 400 THEN 'Document Access'

    WHEN 500 THEN 'Customization Tools'

    WHEN 600 THEN 'Series Posting Permissions'

    WHEN 700 THEN 'Integration Manager'

    WHEN 800 THEN 'Letters'

    WHEN 900 THEN 'Navigation Lists'

    WHEN 1000 THEN 'Smartlist'

    WHEN 3830 THEN 'SLB Window'

    ELSE 'Error'

    END as [Resource Type]

    ,O.SECURITYID as [Security ID Number]

    ,RTRIM(coalesce(R.DSPLNAME,SO.SmartlistObject,PO.TRXSOURC,'')) [Resource Display Name]

    ,RTRIM(coalesce(R.RESTECHNAME,'')) [Resource Technical Name]

    FROM   SY10600 T  -- tasks in roles

    LEFT OUTER JOIN  SY09000 TM  -- tasks master

    ON T.SECURITYTASKID = TM.SECURITYTASKID

    LEFT OUTER JOIN  SY10700 O  -- operations in tasks

    ON T.SECURITYTASKID = O.SECURITYTASKID

    LEFT OUTER JOIN  SY09400 R  -- resource descriptions

    ON R.DICTID = O.DICTID AND O.SECRESTYPE = R.SECRESTYPE  AND O.SECURITYID = R.SECURITYID

    LEFT OUTER JOIN SMARTLIST_CTE SO ON SO.DICTID = O.DICTID AND O.SECRESTYPE = SO.SECRESTYPE AND O.SECURITYID = SO.SECURITYID -- smartlist objects

    LEFT OUTER JOIN POSTING_PERM_CTE as PO ON O.SECRESTYPE = PO.SECRESTYPE AND O.SECURITYID = PO.SECURITYID

    --LEFT OUTER JOIN (SELECT PRODID as DICTID, PRODNAME FROM EXT90101) as DICT ON DICT.DICTID = coalesce(R.DICTID,SO.ASI_DICTID,PO.DICTID,'')

    LEFT OUTER JOIN (SELECT PRODID as DICTID, PRODNAME FROM EXT90101) as DICT ON DICT.DICTID = O.DICTID

    ) as Data

    WHERE 1=1

    AND [Security Role ID] IN ('SELECT YOUR ROLE HERE OR COMMENT OUT')

  • Peter LaVigne Profile Picture
    Peter LaVigne on at

    Kevin,

    Thank you much for your investigation on the series posting permission. It helped A TON.

    It resulted in this ...... (note this will only work on MSSQL due to temp tables. You can re-write it using something else if you desire.)

    * all tasks being used by any roles that are currently being used by any person in your company and the access they hold *

    Disclaimer --- this has been tested on limited data and I cannot be held responsible if it's not 100% accurate. ----

    I removed some of your property-specific info from your part of the script.

    USE DYNAMICS;

    -- users and their roles in each company --

    SELECT

    S.USERID AS UserID,

    S.CMPANYID AS CompanyID,

    C.CMPNYNAM AS CompanyName,

    S.SecurityRoleID AS SecurityRole,

    SU.CREATDDT AS CreationDate

    INTO #curuserroles

    FROM SY10500 AS S LEFT OUTER JOIN

    SY01400 AS SU ON S.USERID = SU.USERID LEFT OUTER JOIN

    SY01500 AS C ON S.CMPANYID = C.CMPANYID

    where

    C.CMPNYNAM not like '%TEST%' AND

    C.CMPNYNAM not like '%Fabrikam%' AND

    --exclude user if inactive

    SU.Userstatus <> 2;

    -- Currently Used Roles --

    select distinct SecurityRole

    into #usedroles

    from #curuserroles;

    /* -- Currently used Roles and their Tasks --

    SELECT T.SecurityRoleID,

      T.SECURITYTASKID

    into #roleswithtasks

    FROM

    SY10600 T  -- tasks in roles

    where T.SecurityRoleID in (select SecurityRole from #usedroles)

    */

    -- Task IDs belonging to used roles --

    SELECT DISTINCT T.SECURITYTASKID

    into #usedtasks

    FROM

    SY10600 T  -- tasks in roles

    where T.SecurityRoleID in (select SecurityRole from #usedroles);

    -- Task Access for each Task used ---

    --declare CTEs for Readability and Organization

    WITH

    SMARTLIST_CTE  (SECURITYID, DICTID, SECRESTYPE, ASI_DICTID, SL_OBJID, SmartlistObject, ResType)

    AS

    (

    SELECT SECURITYID, DICTID, SECRESTYPE, ASI_DICTID, SL_OBJID, SmartlistObject,'Smartlist' ResType

    FROM

    (

    SELECT SECURITYID, DICTID, SECRESTYPE, SECURITYID / 65536 ASI_DICTID, SECURITYID % 65536 SL_OBJID

    FROM SY10700 WHERE SECRESTYPE = 1000 AND DICTID = 1493

    ) AS ST

    JOIN

    (

    SELECT coalesce(TRANSVAL, ASI_Favorite_Name) SmartlistObject, ASI_Favorite_Dict_ID, ASI_Favorite_Type

    FROM ASIEXP81 F LEFT JOIN ASITAB30 A ON F.ASI_Favorite_Name = A.UNTRSVAL AND A.Language_ID = 0

    WHERE ASI_Favorite_Save_Level = 0

    ) AS SM

    ON ST.ASI_DICTID = SM.ASI_Favorite_Dict_ID AND ST.SL_OBJID = SM.ASI_Favorite_Type

    )

    ,

    --series posting resources, the SY09400 table does not contain these - they are within the company.

    POSTING_PERM_CTE (DICTID, SECURITYID, SECRESTYPE, Series, ResourceName, TRXSOURC)

    AS

    (

    SELECT DISTINCT

    0 as DICTID

    ,CONVERT(VARCHAR(1), SERIES) + CASE WHEN LEN(SEQNUMBR) = 1 THEN '0' ELSE '' END +   CONVERT(VARCHAR(2), SEQNUMBR) as SECURITYID

    ,'600' as SECRESTYPE

    ,CASE SERIES

    WHEN 1 THEN 'All'

    WHEN 2 THEN 'Financial'

    WHEN 3 THEN 'Sales'

    WHEN 4 THEN 'Purchasing'

    WHEN 5 THEN 'Inventory'

    WHEN 6 THEN 'Payroll'

    WHEN 7 THEN 'Project'

    WHEN 10 THEN '3rd Party'

    ELSE 'Unknown'

    END as [Series]

    ,'Series Posting Permissions' as [ResourceName]

    ,TRXSOURC

    FROM TWO..SY01000 --any company works here, but it has to be a company db.

    WHERE SEQNUMBR <> 0

    )

    SELECT DISTINCT

    coalesce(TM.SECURITYTASKID,'') Security_Task_ID

    ,coalesce(R.PRODNAME,'') Product_Name

    ,coalesce(R.TYPESTR,SO.ResType,'') Resource_Type

    ,coalesce(R.DSPLNAME,SO.SmartlistObject,'') Resource_Display_Name

    ,coalesce(NULLIF(ISNULL(R.Series_Name, ''), ''),PO.[Series],R.[PRODNAME],'') as [Resource Series]

    ,coalesce(R.DICTID,SO.ASI_DICTID,PO.DICTID,'') [Dictionary ID],

    ,CASE O.SECRESTYPE

    WHEN 1 THEN 'Files'

    WHEN 2 THEN 'Window'

    WHEN 23 THEN 'Report'

    WHEN 400 THEN 'Document Access'

    WHEN 500 THEN 'Customization Tools'

    WHEN 600 THEN 'Series Posting Permissions'

    WHEN 700 THEN 'Integration Manager'

    WHEN 800 THEN 'Letters'

    WHEN 900 THEN 'Navigation Lists'

    WHEN 1000 THEN 'Smartlist'

    WHEN 3830 THEN 'SLB Window'

    ELSE 'Unknown'

    END as [Resource Type]

    ,RTRIM(coalesce(R.DSPLNAME,SO.SmartlistObject,PO.TRXSOURC,'')) [Resource Display Name]

    FROM  SY09000 AS TM  -- tasks master

    LEFT OUTER JOIN  SY10700 AS O  -- operations in tasks

    ON TM.SECURITYTASKID = O.SECURITYTASKID

    LEFT OUTER JOIN  SY09400 AS R  -- resource descriptions

    ON R.DICTID = O.DICTID AND O.SECRESTYPE = R.SECRESTYPE  AND O.SECURITYID = R.SECURITYID

    LEFT OUTER JOIN SMARTLIST_CTE AS SO ON SO.DICTID = O.DICTID AND O.SECRESTYPE = SO.SECRESTYPE

      AND O.SECURITYID = SO.SECURITYID

    LEFT OUTER JOIN POSTING_PERM_CTE as PO ON O.SECRESTYPE = PO.SECRESTYPE AND O.SECURITYID = PO.SECURITYID

    where TM.SecurityTaskID in (select SECURITYTASKID from #usedtasks)

    ** you will want to drop the temp tables after you're finished querying from them, I don't in the script because I use them for other things once this is finished **

    I post this to hopefully help someone else make use of the knowledge spread across the web.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics GP (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans