Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security report
- Thread starter swabunn
- Start date
winthropdc
Programmer
The Advanced Security reports are User/Company or class based and will show all resources for that entity. They will not show all users for one resource which is what you want.
Suggestions:
1) In Advanced Security if you select the Purchase Order Entry window in the tree (left hand side), then look at the status shown next to each user (right hand side) to see whether the user has access.
2) In Advanced Security, export any user to XML, then open the xml file and search for "Purchase Order Entry", this will get you the form ID (829). Then you can query the SY_Security_Normal_MSTR (SY02000) table.
The following query will show users who have access denied
SELECT * FROM SY02000
WHERE ((RESTYPE = 2) AND (DICTID = 0) AND (RESID = 829))
AND ((ALTDICID = 0) AND (ALIAS = ''))
Restype 2 = Form
DictId = 0 = Dynamics
ResId 829 = POP_PO_Entry
AltDictID same as DictID and Alias empty means access denied.
David Musgrave [MSFT]
Original Developer of Advanced Security
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Micorosoft Dynamics (formerly Microsoft Business Solutions)
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
Suggestions:
1) In Advanced Security if you select the Purchase Order Entry window in the tree (left hand side), then look at the status shown next to each user (right hand side) to see whether the user has access.
2) In Advanced Security, export any user to XML, then open the xml file and search for "Purchase Order Entry", this will get you the form ID (829). Then you can query the SY_Security_Normal_MSTR (SY02000) table.
The following query will show users who have access denied
SELECT * FROM SY02000
WHERE ((RESTYPE = 2) AND (DICTID = 0) AND (RESID = 829))
AND ((ALTDICID = 0) AND (ALIAS = ''))
Restype 2 = Form
DictId = 0 = Dynamics
ResId 829 = POP_PO_Entry
AltDictID same as DictID and Alias empty means access denied.
David Musgrave [MSFT]
Original Developer of Advanced Security
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Micorosoft Dynamics (formerly Microsoft Business Solutions)
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
- Thread starter
- #3
winthropdc
Programmer
Once security is set, assuming you have also locked down access to the security setup forms, you should not need to check daily.
You can also use Auditing products to notify you if any changes are made to security.
Sounds like you are making extra work here.
David Musgrave [MSFT]
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Micorosoft Dynamics (formerly Microsoft Business Solutions)
mailto:dmusgrav@online.microsoft.com
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
You can also use Auditing products to notify you if any changes are made to security.
Sounds like you are making extra work here.
David Musgrave [MSFT]
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Micorosoft Dynamics (formerly Microsoft Business Solutions)
mailto:dmusgrav@online.microsoft.com
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
brainfuelmedia
Programmer
If the ALIAS is not empty and the DICTID is the same at the ALTDICTID, does the user then have access to the alias form?
brainfuelmedia
Programmer
One more question. 
Why are the RESTYPE ID's different in the xml file than as shown in SY02000.
Why are the RESTYPE ID's different in the xml file than as shown in SY02000.
winthropdc
Programmer
The ResType used by Advanced Security is a sequential number and relates directly to the image resource used on the treeview on the Advanced Security window.
There is a layer of abstraction between Advanced Security and how it works and the physical data in the table. This allowed Advanced Security to work with many tables and resources and treat them all the same way.
David Musgrave [MSFT]
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Microsoft Dynamics (formerly Microsoft Business Solutions)
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
There is a layer of abstraction between Advanced Security and how it works and the physical data in the table. This allowed Advanced Security to work with many tables and resources and treat them all the same way.
David Musgrave [MSFT]
Senior Development Consultant
Escalation Engineer - Great Plains
Microsoft Dynamics Support - Asia Pacific
Microsoft Dynamics (formerly Microsoft Business Solutions)
Any views contained within are my personal views and
not necessarily Microsoft Business Solutions policy.
This posting is provided "AS IS" with no warranties,
and confers no rights.
- Status
Similar threads
- Locked
- Question
- Locked
- Question