Enterprise Security for Microsoft Dynamics GP
Jeff Soelberg
soelberg@gofastpath.com

Fastpath Facts
• Founded 2004
• Headquarters in Des Moines, IA
• Microsoft Gold Certified ISV
• Microsoft Gold Certified Partner
• Staff includes CPAs and CIAs

Can we prove it?
• 400+ customers
• 30+ countries
• 6 continents
• IIA Industry Leader

Minimizing the use of ‘sa’ with Dynamics GP
• Problem
  • ‘sa’ is the only GP user out of the box that is assigned to the SQL fixed server role of sysadmin
  • ‘sa’ must create users and assign them to companies out of the box
  • ‘sa’ must create new companies out of the box
  • ‘sa’ is also assigned the POWERUSER role from within GP out of the box
• This dependence on the ‘sa’ account creates significant financial, system and organizational risk.
  • First, ‘sa’ is a generic account name and not a named account. This makes it difficult to isolate who used the ‘sa’ account to make critical changes and to verify whether those changes were authorized.
  • Second, the ‘sa’ account can view, update and delete data from within Dynamics GP, SQL Server Management Studio and any other tools that provide database connectivity, including Microsoft Excel.
  • Finally, ‘sa’ access enables a user to make sweeping and powerful changes to critical data. This increases the risk of malicious or unintentional database catastrophes.

Minimizing the use of ‘sa’ with Dynamics GP
• Solution
• There are many solutions that are better than using the out-of-the-box ‘sa’ access for these tasks. Some options are listed on page 37 of the SecurityPlanning.pdf provided by Microsoft.
• Designate a standard GP user as your organization’s GP Access administrator
  • Assign SQL Server fixed server role to a GP SQL login
  • Revoke Security Setup within GP
• This user is responsible for:
  • Creating and deleting all Dynamics GP users
  • Assigning users to companies in your Dynamics GP environment
  • Resetting forgotten user passwords
• This user should NOT have access to assign security rights from within Dynamics GP.

Minimizing the use of ‘sa’ with Dynamics GP
• Designate a standard GP user as your organization’s GP Security Administrator.
• This user is responsible for:
  • Assigning Users to Roles, as well as their Mod-Alt profile
  • Assigning Tasks to Roles and creating or deleting Roles
  • Assigning Windows and Reports to Tasks and creating or deleting Tasks
  • Managing Mod-Alt profile setups
• This user should NOT have the ability to create GP Users or assign them to GP Companies.

Minimizing the use of ‘sa’ with Dynamics GP
• Revoke the POWERUSER role from ‘sa’. Give ‘sa’ the minimum permissions required to perform duties within Dynamics GP.
• Places where ‘sa’ is still required:
  • Performing 3rd party upgrades (not all 3rd parties require ‘sa’)
  • Using Professional Services Tools Library
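
Added example (not part of the original slides): two T-SQL audit queries for checking the state the slides describe, namely which GP users hold a SQL Server role and who still holds POWERUSER inside GP. They assume the GP system database has its default name DYNAMICS, that each GP user ID matches its SQL login name, and that the standard GP tables SY01400 (user master), SY10500 (user role assignments) and SY01500 (company master) are in use.

```sql
-- Added example, not from the original slides.
-- Assumption: the GP system database uses the default name DYNAMICS.
-- Assumption: each GP user ID matches its SQL login name.

-- 1. Server roles held by GP users. Out of the box only 'sa' should show
--    sysadmin; a named GP Access administrator with a fixed server role
--    will also appear here once it has been set up.
SELECT  RTRIM(u.USERID)   AS gp_user,
        RTRIM(u.USERNAME) AS gp_user_name,
        r.name            AS server_role,
        l.is_disabled     AS login_disabled
FROM    DYNAMICS.dbo.SY01400 AS u
JOIN    sys.server_principals AS l
          ON l.name COLLATE DATABASE_DEFAULT
           = RTRIM(u.USERID) COLLATE DATABASE_DEFAULT
JOIN    sys.server_role_members AS rm
          ON rm.member_principal_id = l.principal_id
JOIN    sys.server_principals AS r
          ON r.principal_id = rm.role_principal_id
ORDER BY server_role, gp_user;

-- 2. Who holds POWERUSER inside GP, per company. After the POWERUSER role
--    has been revoked from 'sa', no row should have is_sa = 1.
SELECT  RTRIM(ur.USERID)  AS gp_user,
        ur.CMPANYID       AS company_id,
        RTRIM(c.CMPNYNAM) AS company_name,
        CASE WHEN RTRIM(ur.USERID) = 'sa' THEN 1 ELSE 0 END AS is_sa
FROM    DYNAMICS.dbo.SY10500 AS ur
LEFT JOIN DYNAMICS.dbo.SY01500 AS c
          ON c.CMPANYID = ur.CMPANYID
WHERE   RTRIM(ur.SECURITYROLEID) = 'POWERUSER'
ORDER BY is_sa DESC, gp_user, company_id;
```

Both queries are read-only; running them needs SELECT on the three DYNAMICS tables and permission to view server principals.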
Thank you! Jeff Soelberg soelberg@gofastpath.com