We have AD user accounts setup in a networking group that allow unrestricted access, the user group is: “Great Plain Users”.
Is there any reason that this AD group would need rights to the database? In addition, this AD group is part of the DYNGRP.
What should the AD group/User setup be for a GP user?
*This post is locked for comments
Thank you all for the follow up.
So outside of using Active Directory to setup single-signon or access to a webclient, there is no REQUIRED AD group a user must be a part of to have access to GP, correct?
Thanks
Since you are on 2010 R2, there is no AD integration. You might want to purchase an add-on for that if required
Malik, we, like Tom, allow and create Excel based queries to the data but this does not allow them access to the SQL Management Studio. In fact no one that I work with, other than me, has access to SQL Management Studio.
As a user of GP, they need to be set up in GP as a User and if on the correct version, you can associate their AD login to allow them to use the Web Client.
But at no time do these users get a direct line to the SQL Management Studio.
Hope this helps.
Hi Tom,
It definitely does help a lot.
I understand the need for access to database objects, etc, but doesn't this cause a security issue if giving users access to SQL server management studio. Allowing them to perform updates, or any other statements causing a change to the data in the gp database?
Since we require all of users to only access data via the front end of GP, should the database be locked down via AD or SSMS? Will locking down the database cause any issues with their access to the front end GP.
Thanks again, and sorry for the confusing initial question.
Not sure exactly what you're asking for because GP requires a sql login for users to access GP. Regardless of you're AD creds, you still need a sql login. Now depending on what version of GP you're using you can associate your AD account to your sql login to allow single-sign on for the WebClient but even then you still need a sql login.
The one thing that your setup currently allows is the user to have full access to the database objects, tables, views etc. We do this a lot because we use refreshable spreadsheets daily and constantly build new custom views to allow users access to vital data without having to access GP through the application.
Hopefully this helps and answers some of your questions.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,269
Super User 2024 Season 2
#2
Martin Dráb
230,198
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (