How to avoid using sa user

Tuesday

Jan292008

Tuesday, January 29, 2008 at 8:20AM

From Accolade newsletter

Eliminating the SA User from GP

No, you can't. Now most of you don't care or are not concerned but with so much SO Madness (that's Sarbanes Oxley, the law that will cost the American public more than Enron ever did) people are asking how to get rid of this master user id. And, while you can't eliminate it, you can restrict it and use a different user id with the same rights.

SA is a MS-SQL user id that is adopted by Dynamics GP. To restrict its use in Dynamics, remove access to companies for the SA user. You will, however need a replacement.

In Version 10, any user id can be assigned to the poweruser role. This will give that user most of the rights of the SA user ID. For the remaining few tasks that only SA can perform, use the DYNSA user. This user also has all of the rights of SA but is a Dynamics GP constructio

Andy |

1 Comment |

tagged

Dynamics GP,

Security

Reader Comments (1)

By granting a different user administrative access you have not mitigated the risk at all, but rather have shifted it to another user.

The real solution is to minimize the reasons a user with administrative rights would need to enter the system. Move the creation of users, user security administration, etc. outside of GP.

Additionally, audit trails that track administrative users should be added for key tables within Dynamics GP. Corresponding reports for these audit trails should be generated and reviewed periodically. Activities in both Dynamics GP and SQL Server should be monitored.

December 31, 1989 |

Andrew Snook wrote:

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

All HTML will be escaped. Hyperlinks will be created for URLs automatically.

andy.nifong