Managing Dynamics GP without using sa login
Monday, September 29, 2008 at 3:29PM
Managing GP security without sa user – other options exist, these steps use the most secure options for each task
1. Create new user in GP to use as the GP administrator
2. Grant access to all companies
3. Make user member of POWERUSER role
4. In SQL Server, assign user to securityadmin server role
5. To be able to create new users, must be member of db_accessadmin and db_securityadmin roles in DYNAMICS database
6. To be able to delete existing users, must be member of db_accessadmin role in all company databases
7. To be able to grant/remove access to companies, must be member of db_securityadmin role in all company databases
8. To backup databases, must be member of db_backupoperator role in database
9. Only sa user is allowed to restore databases due to risk of data damage
10. To manage business alerts, user must be member of sysadmin server role
11. To perform SQL maintenance in GP, user must be member of sysadmin server role or DYNSA (db owner) login will work
12. To delete companies, user must be member of sysadmin server role or DYNSA user
Alternate GP Admin user may be assigned sysadmin server role to be able to do all the tasks above, with the exception of restoring databases. Security concerns may make steps above necessary rather than giving user sysadmin server role.
Dynamics GP, Security
Reader Comments