We have had all users set as Default class and Power User profile. We would like to start restricting access to certain areas like the fiscal period setup window. We are a smaller company, so most users need to be able to do most functions. How can I restrict access to just the fiscal period setup window?
*This post is locked for comments
I would suggest you to use Field Level security for your case.
To more detail about Field Level security in Dynamics GP, please have a look on the below link.
community.dynamics.com/.../field-level-security-in-gp-without-customization.aspx
Hope this helps!!!
- /*
- Type STR’s
- ========================
- Windows
- Reports
- */
- select a.USERID, c.CMPNYNAM, b.SECURITYROLEID, e.SECURITYTASKID
- from Dynamics..SY01400 a
- left join DYNAMICS..SY10500 b on a.USERID= b.USERID
- join DYNAMICS..SY01500 c on b.CMPANYID=c.CMPANYID
- join DYNAMICS..SY10600 d on b.SECURITYROLEID = d.SECURITYROLEID
- join DYNAMICS..SY10700 e on d.SECURITYTASKID= e.SECURITYTASKID
- join DYNAMICS..SY09400 f on e.DICTID=f.DICTID and e.SECRESTYPE= f.SECRESTYPE and e.SECURITYID= f.SECURITYID
- where f.TYPESTR='Windows' and f.DSPLNAME='Account Maintenance'
As Redbeard noted you need to drop poweruser from users security. This will always give the user access to just about everything in GP.
After that is done the following script I wrote will be able to help you. The script will not show security granted from poweruser since they have access to everything
Populate the SY09400 table.
Backup your Dynamics and company DB’s.
Log on to Microsoft Dynamics GP as “sa”.
Click Microsoft Dynamics GP> Maintenance> Clear Data.
On the Display menu, click Physical.
In the Series field, click System in the drop-down list.
Click the Security Resources Description table, click Insert, and then click OK to process.
Print the report to screen, and then check for errors.
Find the display name of the window\report you are trying to restrict access to (opening the window\running the report should show you.
Run the script I attached.
In the script replace ‘window’ with ‘report’ if needed.
Replace ‘Account Maintenance’ with the display name of the item you are trying to restrict access to.
Execute the script.
It will show you (outside of power user) what role and task granted a user access to the resource. From there you will be able to adjust the security as needed.
If you have support debugging tool installed and then repopulate the SY09400 the script can be used to pull any security type, not just windows and reports.
As one final note it is highly recommended to leave the built in security tasks alone if you need to adjust security and instead clone them and use the clones. If there is a big issue with the security and you modified the built in security tasks you wont have them to fall back on.
Thank's for your time!
Hi,
Harry has already provided the details on how to restrict access, but I wanted to offer one related suggestion.
If you are going to start restricting access to specific windows or start assigning proper roles in GP security, I would strongly recommend learning how to use the Security related features of the Support Debug Tool. It's a bit confusing and cryptic at first, but after a few uses, it gets easier.
For instance, to find the security settings for the Fiscal Periods Setup window, I launched the Support Debug Tool, started the Security Profiler and then opened the Fiscal Periods Setup window.
The Profiler will identify the window, and you then then open the Security Information window, which will then show you which Security roles and tasks to which that window is assigned.
In this screen shot, you can see that the window is assigned to POWERUSER and the ADMIN_COMPANY_001 task, which is used by the Accounting Manager role.
First, you're going to have to give up the PowerUser setting for any user you wish to restrict access for. PowerUsers can do anything in Dynamics GP, unless it is a setting protected by the System Password. Fiscal Period setup, is not protected by the system password. Fiscal periods are maintained at the Company Level.
Dynamics GP Security is divided into four specific segments. User Access (What companies can a user see/access), User Security (What Roles are assigned to the user in the companies they can see/access), Security Roles (Controls what Security Tasks are assigned to a Role) and Security Tasks (What specific windows, tables, reports, etc.) are granted to a Security Task.
You would need to remove the Power User Role from the user you want to restrict access for, and then make sure you disable the Accounting Manager Security Role for users you do not wish to be able to set up/modify Fiscal Period Setup. Only the Accounting Manager Security Role has the Admin_Company_001 Security Task assigned to it, which among other things permits access to Fiscal Period Setup.
#1
André Arnaud de Cal...
292,865
Super User 2025 Season 1
#2
Martin Dráb
231,723
Most Valuable Professional
#3
nmaenpaa
101,156
Moderator
Share
Report
All responses (
Answers (