Monday, May 17, 2010

Dynamics GP Professional Tools Security

GP Professional Tools Library requires the user to be logged in as ‘sa’.

The tools that specifically require this are -

• Toolkit
• Database Disabler
• Customer Modifier
• Customer Combiner
• Customer Name Modifier
• Item Number Modifier
• Item Number Combiner
• Vendor Modifier
• Vendor Combiner
• Vendor Name Modifier
• Login/User Generator
• Account Modifier/Combiner
• Salesperson Modifier
• Territory Modifier
• Territory Combiner

This is often a problem with customers as administrators don’t like giving out the sa password to end users, who could be running a tool like say Customer Combiner.  Right now, Administrators have the option to go up to the users and log them in every time they want to use these tools, or give them the sa password.

In Microsoft’s SQL Server Security Best Practices, Microsoft recommends -

· Do not manage SQL Server by using the sa login account; assign sysadmin privilege to a knows user or group.

· Rename the sa account to a different account name to prevent attacks on the sa account by name.

As of now, if you are using the Professional Tools Library, you have to use the sa login. You cannot use DYNSA, or any other user with sysadmin rights.

You would simply get the message - “You must be logged in as ‘sa’ to utilize this Utility”

Or maybe, I am missing something here …

Vote for this feature to be implemented,  fliehigh had put this as a product suggestion in May 2008 - https://connect.microsoft.com/dynamics/feedback/details/347992/gp-professional-service-tools-security

No comments: