To add to what has already been stated:
The SecurityPlanning.pdf file, in the Documents directory where your Dynamics GP application is installed, goes over giving users permissions to do these type of things if you want GP users other than sa or DYNSA to be able to create and modify users.
Chapter 7 in this guide goes over 'Core application security tasks' which include:
• Creating user records
• Deleting user records
• Granting user access
For example, under 'Creating user records', it gives the following options:
1. Login to Dynamics GP as 'sa'.
2. Assign the GP login the SysAdmin fixed SQL Server role (the equivalent of the sa login) and also the DYNGRP role under the DYNAMICS/system database.
3. Login to Dynamics GP as 'DYNSA', the database owner, which should be assigned the SecurityAdmin fixed SQL role.
4. Assign the GP user to the SecurityAdmin fixed SQL Server role and also the DB_Owner database role for the DYNAMICS system database. (DYNSA must be the db owner for all GP databases).
5. Assign the GP user the SecurityAdmin fixed SQL Server role as well as the DB_AccessAdmin and DB_SecurityAdmin database roles for the DYNAMICS system database. (DYNSA must be the db owner for all GP databases.)
As a test, I went into SQL Server Mgmt Studio, in the properties of my new PowerUser user I created in GP, under 'Server Roles' I marked 'SecurityAdmin', then under 'User Mapping', I highlighted the DYNAMICS system database and marked the DB_AccessAdmin and DB_SecurityAdmin database roles, clicking OK to save changes.
Back in Dynamics GP, the User Setup window now has the Password and Confirm Password fields enabled.
Thank you
