`sa` with Dynamics GP

Enterprise Security for
Microsoft Dynamics GP
Jeff Soelberg
soelberg@gofastpath.com
Fastpath Facts
Founded 2004
 Headquarters in Des Moines, IA
 Microsoft Gold Certified ISV
 Microsoft Gold Certified Partner
 Staff includes CPAs and CIAs

Audit. Security. Compliance. Get on the Fastpath.
Can we prove it?

400+ customers
30+ countries
6 continents
IIA Industry Leader
Security and Compliance Products
• Audit Trail: Robust audit trail solution designed for the auditor
• Assure: Sarbanes-Oxley compliance and segregation of duties solution
• Config AD: Active Directory integration offers single sign-on for Dynamics GP
• Audit View: Report design and scheduling tool allows non-technical users to build reports
Minimizing the use of ‘sa’ with Dynamics GP

Problem

‘sa’ is the only GP user out of the box that is assigned to the SQL fixed server role of sysadmin

‘sa’ must create users, and assign them to companies out of the box

‘sa’ must create new companies out of the box

‘sa’ is also assigned the POWERUSER role from within GP out of the box

This dependence on the ‘sa’ account creates significant financial, system and organizational
risk. First, ‘sa’ is a generic account name and not a named account. This makes it difficult
to isolate who used the ‘sa’ account to make critical changes and verify if those changes
were authorized. Second, the ‘sa’ account can view, update and delete data from within
Dynamics GP, SQL Server Management Studio and any other tools that provide database
connectivity including Microsoft Excel. Finally, ‘sa’ access enables a user to make sweeping
and powerful changes to critical data. This increases the risk of malicious or unintentional
database catastrophes.

Solution

There are many solutions that are better than using the out of the box ‘sa’ access for these
tasks. Some options are listed on page 37 of the SecurityPlanning.pdf provided by Microsoft.

Designate a standard GP user as your organization’s GP Access Administrator

• Assign SQL Server Fixed server role to a GP SQL Login
• Revoke Security Setup within GP

This user is responsible for:

Creating and deleting all Dynamics GP users

Assigning users to companies in your Dynamics GP environment

Resetting forgotten user passwords

This user should NOT have access to assign security rights from within Dynamics GP.

Designate a standard GP user as your organization’s GP Security Administrator.

This user is responsible for:

Assigning Users to Roles, as well as their Mod-Alt profile

Assigning Tasks to Roles and creating or deleting Roles

Assigning Windows and Reports to Tasks and creating or deleting Tasks

Managing Mod-Alt profile setups

This user should NOT have the ability to create GP Users, or assign them to GP Companies

Revoke the POWERUSER role from ‘sa’. Give ‘sa’ the minimum permissions
required to perform duties within Dynamics GP. Places where ‘sa’ is still required:

Performing 3rd party upgrades (Not all 3rd parties require ‘sa’)

Using Professional Services Tools Library
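
To check an environment against the split described above, the following read-only T-SQL audit is an added example and not part of the original slides or of Fastpath's or Microsoft's own code. It assumes the GP system database has the default name DYNAMICS, that user-to-role assignments live in SY10500 (USERID, CMPANYID, SECURITYROLEID), and that GP user IDs match SQL login names; verify these against your installation.

```sql
-- Added audit example: SELECT statements only, nothing is changed.
-- Assumptions: system database named DYNAMICS; SY10500 stores GP
-- user-to-role assignments; GP user IDs equal SQL login names.

-- 1. Which logins hold the sysadmin fixed server role?
--    Out of the box this is 'sa'; any named login listed here carries
--    the same database-wide reach the slides warn about.
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Which GP users hold POWERUSER, and in which company?
--    After the change, 'sa' should no longer appear in this result.
SELECT RTRIM(ur.USERID) AS gp_user, ur.CMPANYID AS company_id
FROM DYNAMICS.dbo.SY10500 AS ur
WHERE ur.SECURITYROLEID = 'POWERUSER'
ORDER BY gp_user, company_id;

-- 3. Segregation-of-duties check: logins that hold any server role
--    (the Access Administrator side) and also POWERUSER inside GP
--    (the Security Administrator side). The target is zero rows.
SELECT DISTINCT m.name AS login_name,
       r.name AS server_role,
       ur.CMPANYID AS company_id
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
JOIN DYNAMICS.dbo.SY10500 AS ur
  ON RTRIM(ur.USERID) COLLATE DATABASE_DEFAULT
     = m.name COLLATE DATABASE_DEFAULT
WHERE r.type = 'R'
  AND ur.SECURITYROLEID = 'POWERUSER'
ORDER BY login_name, company_id;
```

Run it on a schedule and compare the results over time, so that a new sysadmin member or POWERUSER assignment shows up as a difference to review.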
Thank you!
Jeff Soelberg
soelberg@gofastpath.com