Sunday, October 5, 2014

SmartList Security Setup

If you have some users who can access SmartLists and others who cannot, it is entirely possible the users who can are POWERUSER in GP and the users who cannot are not members of this group.

The POWERSUER user group provides access to any and all features in GP -- technically it is the absence of security controls.  This is a really important distinction if your organization wrestles with SOX Compliance.  In small organizations, it is typical for 2-4 people to have universal access to GP (Ownership, Operations Manager, CFO and Bookkeeper).  In larger organizations there are typically more defined roles for more numerous users, some who act as clerks, others who act as managers and still others who focus primarily on financials -- this is absolutely critical when SOX Compliance is necessary.

There are no default Security Tasks or Roles in Dynamics GP for SmartList Objects.  In order to provide the appropriate security for SmartList Objects to users, these Tasks and Roles must be created and assigned to users.

SmartList Object Security Tasks:   Navigate to Microsoft Dynamics GP > Tools > Setup > System > Security Tasks - Create a New Task ID = _SMARTLIST OBJECTS, Task Name = SmartList Object Permissions, Category = System, Product = SmartList, Type = SmartList Object, Series = SmartList Objects - Click the Mark All button; this will provide access to ALL SmartList Objects that currently exist!  When SmartList Builder is used to create new SmartList Objects, permissions will need to be granted for them, after their creation.  Click the Save button to save this new Security Task.



SmartList System Security Tasks:   Navigate to Microsoft Dynamics GP > Tools > Setup > System > Security Tasks - Create a New Task ID = _SMARTLIST SYSTEM, Task Name = SmartList System Permissions, Category = System, Product = SmartList Builder, Type = SmartList Builder Permissions, Series = SmartList Builder- Click the Mark All button; this will provide access to ALL SmartList Builder Features  Click the Save button to save this new Security Task.

          SmartList Security Role:   Navigate to Microsoft Dynamics GP > Tools > Setup > System > Security Roles - Create a New Role ID = _SMARTLIST ALL ACCESS, Role Name = SmartList Permissions-All Access, Display = System - Check the boxes next to _SMARTLIST OBJECTS and _SMARTLIST SYSTEM; this will provide access to ALL SmartList Builder Features  Click the Save button to save this new Security Role.


  
Assign the Security Role to a User:  Navigate to Microsoft Dynamics GP > Tools > Setup > System > User Security.  Look Up the User, or Type in the User ID.  Select a company - you will only see companies the user has access rights to.  Check the _SMARTLIST ALL ACCESS Security Role - to add the user to the Security Role.  Click the Save button to commit the change.  Users who are logged into GP will need to log out and back in again for changes to propagate.

This security schema will permit access to all SmartList Objects and Features.  If you would like to prevent access to various SmartList Objects, you can create more granular security groups to grant access to only SmartList Objects related to their assigned roles (department).


2 comments:

  1. This is great information. Is it possible to make the smartlist objects that you don't want them to see invisible? This works to keep them from accessing anything they don't need to, in that it limits which windows will open. That said my test user can still see the summary for financials which is part of what I want to lock down.

    Thanks,

    ReplyDelete
    Replies
    1. I often create objects and assign them to classes. You can also just create a new task that then limits the objects that should be seen.

      Delete