At present in Microsoft Dynamics GP, one sets security by assigning operations to tasks and assigning tasks to roles. Let’s say you created a new role named AP CLERK and assigned related tasks to that role. This role can be assigned to anyone who is doing Accounts Payable (AP) work.
Roles → Tasks → Operations
Now, imagine you have another person who needs all the access of AP CLERK, except for printing and posting cheques. Guess what! You must create a new role by copying AP CLERK and creating new tasks to remove operations related to printing and posting cheques. You must also describe those new tasks with sufficient detail to recall the reason for the new role and to use it appropriately.
In multi-user companies, this scenario could result in two things:
a) The potential for a number of overlapping roles and tasks
b) Fewer roles and tasks, resulting in assigning unnecessary tasks to users. That means users may have access to unwanted windows and reports.
There is a new feature available through GP Power Tools: Build 22. The name of that feature is “Deny-Based Security”. Using this feature, one can deny appropriate windows and reports specific to company and user. This means:
- No clutter of roles and tasks
- Assigning only required windows and reports to the user per company.
It’s similar to GP field-level security, using which one can apply exclusive criteria per user per company.
Amazing! Isn’t it?