Optimize security using Field Level Security
During an Implementation of Microsoft Dynamics GP, My client asked me how can I hide the Unit Cost field in SOP Transaction Entry window for certain users (not for all users). If the client said he needed it for all users, my job is quite simple, as to just go to global setting of SOP wherein I unmark the Display Item Unit cost option. If I want to achieve the same in User Security, I can’t because in User Security, I can’t limit the access by fields.Then, I was thinking of inserting a small VBA code in each client machine for hiding this field. Is this the only option? Certainly Not. This is where the Field Level Security(FLS) comes into picture. Field Level Security (Termed as Advanced Security in Dynamics GP V9.0) is an additional security layer(module) in Microsoft Dynamics GP that provides the ability to restrict access to any field, window or form. It does offer several options in terms of access restriction through Security Modes. Let us see what security modes does the FLS possess
| Password Before | Access is restricted for a field by password before field is accessed |
| Password After | Password must be entered for any changes to field to be saved |
| Access will be denied for a field combined with a warning | |
| User can’t use or modify the field | |
| Field will be displayed but will not be available | |
| Field wont be displayed | |
| Window level security – Must enter password while opening the window | |
| Window level security – Only “sa’ password is permitted for displaying the window | |
| Form Level Security – Must enter password for accessing the form | |
| Disable Form | Form Level Security - Only “sa’ password is permitted for displaying the form |
Based on the selection of the Security Modes here in this FLS Security Maintenance, the respective access restriction would apply to the specific user(s) and specific company or companies. Out of the 10 security modes available, 4 modes are actually applicable for windows and Form Level security. Password window makes sure when a user tries to access a particular GP window, it asks for a password unless otherwise the access would be denied. Disable window makes sure the user doesn't have complete access to a specific GP window. Similar case is for password Form and Disable Form.
In another example where I configured a Sales process in SOP Transaction entry for Service items. In this case, The user don’t need to see the fields related to Req Shipping date, Actual Shipping Date and so on. I used FLS to completely hide those fields using “Hide Field” security mode for all users. Now, Assume we have a scenario where the client says I need select Users to view the Unit cost while entering the Purchase order but they should not have access to modify the same. In this case, we can set security using “Disable Field” mode. Assume, the client says select users should not access the General Entry screen itself, it can be either set up at the User Security level itself or at FLS using “Disable Window” mode.
There are several other possibilities that we can make use of, in Field Level Security Feature so as to ensure an optimum security layer for any organization.
Just a quick comment.
ReplyDeleteField Level Security and Advanced Security were always included in the same dictionary as they were purchased from Winthrop Dexterity Consultants together (as Omni Security and Omni Field Security).
For v7.50 through to v9.0, the AdvSecur.dic contained both Advanced Security and Field Level Security. Advanced Security was provided as part of the System Manager, but Field Level Security required extra registration.
From v10.0 onwards, the AdvSecur.dic now only includes the Field Level Security component as Advanced Security is no longer relevant with the new pessimistic role based security model.
David
http://blogs.msdn.com/DevelopingForDynamicsGP/
David,
ReplyDeleteThanks for your comments. This marks the little difference between Field Level Security and Advanced Security