Microsoft Dynamics GP System Administrator: Should You Separate Accounting Controls and Duties?

[Ed. - this story has been updated to reflect Microsoft's guidance on security and administration for Microsoft Dynamics GP]

...

Requires FREE Membership to View

Login
Become a Member Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more, and it’s all FREE. You’ll also receive periodic email newsletters with the latest relevant articles and content updates.
About Gloria Braunschweig

Gloria has experience across the full spectrum of business operations and management. Decades of experience are documented in the book Rapid Implementation, establishing Gloria as a specialists using Microsoft SQL tools for implementation, integration, and business intelligence related to Microsoft Dynamics GP.

Gloria writes and presents on lean implementation concepts and business management systems for small and mid-size businesses. 

Read full bio...

Security update to this post...

My recommendation is to take a look at page 37 of the Planning for Security .pdf file. #5 on that page explains what database roles are needed to be able to administer GP User accounts within the SQL Server and Dynamics GP application.

You do not need SA or DYNSA to push this functionality down to the business application administrator.

In addition, the DYNSA password is not set to the SA password. If that was the case, the SA account would no longer function as we apply a second level of encryption to the password prior to adding the account to SQL.

Thanks!

Aaron Donat
Sr. Escalation Engineer
Dynamics GP

Security

I stand corrected about the DYNSA password. The options presented in the security paper allow attribution of certain typical-SA procedures to other users. It doesn't eliminate the overall weakness that the SA remains an all-powerful user.

minivan