Microsoft Dynamics GP System Administrator: Should You Separate Accounting Controls and Duties?

May 4 2011

About Gloria Braunschweig

Gloria has experience across the full spectrum of business operations and management. Decades of experience are documented in the book Rapid Implementation, establishing Gloria as a specialists using Microsoft SQL tools for implementation, integration, and business intelligence related to Microsoft Dynamics GP.

Gloria writes and presents on lean implementation concepts and business management systems for small and mid-size businesses. 

More about Gloria Braunschweig

Comments

adonat's picture

My recommendation is to take a look at page 37 of the Planning for Security .pdf file. #5 on that page explains what database roles are needed to be able to administer GP User accounts within the SQL Server and Dynamics GP application. You do not need SA or DYNSA to push this functionality down to the business application administrator. In addition, the DYNSA password is not set to the SA password. If that was the case, the SA account would no longer function as we apply a second level of encryption to the password prior to adding the account to SQL. Thanks! Aaron Donat Sr. Escalation Engineer Dynamics GP

Gloria Braunschweig's picture

I stand corrected about the DYNSA password. The options presented in the security paper allow attribution of certain typical-SA procedures to other users. It doesn't eliminate the overall weakness that the SA remains an all-powerful user.