Users Express Frustration with Managing Security Roles in Microsoft Dynamics GP 10

In its introduction to new features in Dynamics GP 10, Microsoft tells users, "you can be confident in the integrity and confidentiality of critical information with improved security features."

But if you listen to users in large organizations, especially public companies with Sarbanes-Oxley security requirements, there are concerns that the improvements aren't what all these users would have liked. In a session last week sponsored by the GP User Group on managing security roles in Microsoft Dynamics GP 10, two users expressed frustration with the newest version of GP on the reporting end.

Their key concern is that, though GP 10 is role-based, spelling out which roles have access to what information is an overly involved and complex process. And if you're the IT manager of a public company, who must sign off on reports and data integrity for Sarbannes-Oxley, that presents a problem.

"Our biggest problem is how to manage roles around compliance requirements," stated Jason, who identified himself as head of IT for a public company. "My main challenge as a business manager is managing security roles," he said. "Till the manager looks at what each role provides access to, it is hard to use it."

Jason's company upgraded recently from Microsoft Dynamics GP 8 to GP 10. "We spent a lot of time assessing going from non-role-based to role-based models. If you have to modify the roles, it takes a while to get comfortable with the changes."

Another user, Steve, said, "We have created a master spread sheet of all the menu picks. I have a Sarbanes-Oxley officer who monitors it." But, he indicated, that is a cumbersome way to keep track of ...