I’m continually surprised that even with a decade of training experience, Dynamics GP users still uncover unexpected features. Just recently, during a class, a situation arose concerning account level security and the advanced search within the account lookup window.
For those unfamiliar with account level security, sometimes called organizational structures, this Dynamics GP feature allows you to organize users and general ledger accounts according to your company’s structure. This limits which accounts each user can access. Companies use this for several reasons:
- Preventing users from posting to the wrong accounts
- Protecting sensitive account information from unauthorized viewing
- Presenting a simplified interface showing only relevant accounts to each user
Let’s imagine a scenario where account level security is set up to display a limited list of accounts for payables clerks.
When they use the Accounts lookup, the first account shown is 000-6170-04. This is the first account in their restricted list, not the entire chart of accounts. This functions as intended, ensuring payables clerks only see their designated expense accounts. However, a question arises: what happens when a user utilizes the Advanced Search function?
In this example, using the Advanced Search (the binoculars icon) and searching for Account Numbers starting with “000-1” yields a list. Surprisingly, this list includes accounts that fit the criteria but fall outside the restricted access granted by account security. Attempting to select one of these accounts results in an error:
While you can see these accounts, you cannot use them without proper access. This presents a minor issue: although the list is secure for posting and reporting, it doesn’t prevent viewing account descriptions. These descriptions might contain sensitive data, like names, that some might assume are hidden from restricted users. However, this is not the case, so it’s crucial to plan accordingly.
A problem report exists for this issue, though it’s older and hasn’t gained much traction. Contact your Partner or Microsoft Support if you encounter this problem and want to be added to the list of affected customers. The report details are as follows:
MBS Great Plains 4799 - ‘Search Accounts’ returns all accounts, not just enabled
Have a great Thursday!
Christina Phillips is a Microsoft Certified Trainer and Dynamics GP Certified Professional. She is a supervising consultant with BKD Technologies, providing training, support, and project management services to new and existing Microsoft Dynamics customers. This blog represents her views only, not those of her employer.