I wanted to help with the understanding of limited users. Limited Users are setup just like normal users in GP in the User Setup window (GP>>Tools>>Setup>>System>>User). If users are only logging into GP to use the new self-service functionality or for “read-only” access as many times what security admins want, you might consider setting them up as a limited user type.

With enhancements made to GP2013 R2, there are 2 user counters in GP (one for limited and one for Full) and they are both concurrent (not named). As I mentioned you would set up a Limited User just as you would a Full user at GP>>Tools>Setup>System>>User and set the user up as “Full” or “Limited” in the drop down field “User Type”.  You would only want to set up a limited user if you want them to view inquiries and reports in GP or to use just the new self-service functionality.

The Limited User would log into GP, just as they would a normal GP user but when they log in, the user count would tract against the limited user counter.

New enhancements were also made to the limited user functionality, where GP performs a security check for the resource itself and also that the resource is available to a limited user. This feature will restrict the Limited user to only access things such as inquiry windows, reports, navigation lists, SmartLists, etc. All reporting is available to the Limited Users. (Report Writer and SQL Reporting Services)  Limited Users are prevented from accessing windows used to update data, however the exception being certain self-service windows where the user can only affect data pertaining to themselves.  The Limited User cannot be member of the PowerUser Security Role. If you assign the PowerUser security role to the user, you will receive a message, “This user has been assigned access to the POWERUSER security role and cannot be defined as a Limited Type. Review the security that has been setup for this user. When you click the OK button, the user type is set back to Full.

In the Security Task Setup window, you will see a new icon in the operations section of the window next to the operations available. The icon denotes windows that are available to limited user types.

Both Full and Limited are concurrent users, so if you have 150 users that would need to log into GP for example, you would need to gage how many Limited users and then how many Full users might be logged in at the same time when deciding how users you might need. Both Full and Limited users can be purchased and prices are on the Microsoft Dynamics GP 2013 Price list here.

I just want to note that there is a “Limited User” that is available in GP 2013 prior to R2, however the Limited User is not functional until GP 2013 SP2. The issue prior to SP2 is that if you create a limited user and then assign them one or more of the 'LIMITED USER' security roles that are available in the User Security window, when the limited users attempt to login to Dynamics GP 2013, it won't let them in and gives an error that maximum number of users are in the system.

The only work-around is to assign the limited user a regular security role, but this will give them full permissions to everything that security role gives them access to, which isn't a true “Limited User” or upgrade to SP2 or later in which this issue has been resolved.

Just by setting the user as a 'limited' user in the User Setup window doesn't make it completely a limited user if you're not assigning it only the 'Limited User' security roles.

In GP 2013 R2, they made changes to the Limited User as I have mentioned earlier, in which the code does a double check on the resources that are available to the assigned security role and then checks again to see if the resources are available to the Limited User.

Check out the Microsoft Dynamics GP 2013 R2 System Wide New Features VIDEO for more information on the limited user type and deatiled DOCUMENTATION.