We recently were working with a Dynamics GP client that has hundreds of users. They needed to give their IT department the ability to administer GP users and user access without giving them the DYNSA password. We found no documentation on how to accomplish this. So by trial and error we came up with a solution:
IN DYNAMICS GP (login as ‘sa’):
Created new Security Task: ADMIN_SYSTEM_USER
Gave the Task access to:
Category: System
Product: Microsoft Dynamics
Type: Windows
Series: System
– Activity Tracking Setup
– Alternate/Modified Forms and Reports
– Remove Security Setup Records
– User Access Setup
– User Class Setup
– User Security Setup
– User Setup
Created new Security Role: USER_ADMIN and added DEFAULT and ADMIN_SYSTEM_USER tasks to it.
Added Role to users security in GP
IN SQL SERVER MANAGEMENT STUDIO:
From Security:
Added the following roles to SQL user accounts
dbcreater
securityadmin
Added the following mapping to the SQL User accounts for all GP DBs .
db_owner
db_securityadmin
DYNGRP
public