Question : MS Dynamics GP 10 Security query

I am currently performing a Segregation of Duties review for a company. The company uses GP10. I found the following query (see below in code section). I was hoping the GP gurus will be able to provide some insight on it. The main issues that I'm struggling with are:
1. Gaining comfort that the query captures ALL security related privileges.
2. Matching the GP task names to actual functional tasks within the organization.

I'm open to ideas/suggestions, or techniques that could facilitate this process.

Thanks, BC

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:



CREATE VIEW view_Security_Roles_and_Tasks
AS

/**
view_Security_Roles_and_Tasks
Created Mar 12 2009 by Victoria Yudin - Flexible Solutions, Inc.
For updates see http://victoriayudin.com/gp-reports/
Shows all security roles and tasks by user by company
**/

SELECT	S.USERID UserID, S.CMPANYID CompanyID,
	C.CMPNYNAM CompanyName, S.SecurityRoleID,
	coalesce(T.SECURITYTASKID,'') SecurityTaskID,
	coalesce(TM.SECURITYTASKNAME,'') SecurityTaskName,
	coalesce(TM.SECURITYTASKDESC,'') SecurityTaskDescription

FROM	SY10500 S   -- security assignment user role

LEFT OUTER JOIN
	SY01500 C   -- company master
	ON S.CMPANYID = C.CMPANYID

LEFT OUTER JOIN
	SY10600 T  -- tasks in roles
	ON S.SECURITYROLEID = T.SECURITYROLEID 

LEFT OUTER JOIN
	SY09000 TM  -- tasks master
	ON T.SECURITYTASKID = TM.SECURITYTASKID 

/** the following will grant permissions to this view to DYNGRP,
leave this section off if you do not want to grant permissions **/
GO
GRANT SELECT ON view_Security_Roles_and_Tasks TO DYNGRP

Answer : MS Dynamics GP 10 Security query

BC,

I would recommend going with this one instead: http://victoriayudin.com/2010/05/13/sql-view-with-security-and-smartlist-details-in-gp/. That will give you SmartList objects in addition to the other objects the code you are using returns. Also, please make sure to perform the 6 steps at the beginning of the blog post, without them you will have blanks for most of the columns.

What this will not capture:
- any Field Level Security or Account Level Security settings if you are using those
- any customizations that do anything outside of what is tracked in the GP security tables
- any 3rd party add-ins that do anything outside of what is tracked in the GP security tables

I can't think of anything else, but perhaps others can comment on that.

For your second question - that would require some more specific GP knowledge. I would recommend getting someone knowledgeable from your GP Partner organization to help you with that part. It's not something you'll be able to easily find on your own, certainly not in any one place.