Optimize security using Field Level Security

During an Implementation of Microsoft Dynamics GP, My client asked me how can I hide the Unit Cost field in SOP Transaction Entry window for certain users (not for all users). If the client said he needed it for all users, my job is quite simple, as to just go to global setting of SOP wherein I unmark the Display Item Unit cost option. If I want to achieve the same in User Security, I can’t because in User Security, I can’t limit the access by fields.Then, I was thinking of inserting a small VBA code in each client machine for hiding this field. Is this the only option? Certainly Not. This is where the Field Level Security(FLS) comes into picture. Field Level Security (Termed as Advanced Security in Dynamics GP V9.0) is an additional security layer(module) in Microsoft Dynamics GP that provides the ability to restrict access to any field, window or form. It does offer several options in terms of access restriction through Security Modes. Let us see what security modes does the FLS possess

Password Before

Access is restricted for a field by password before field is accessed

Password After

Password must be entered for any changes to field to be saved

Warning Before

Access will be denied for a field combined with a warning

Lock Field

User can’t use or modify the field

Disable Field

Field will be displayed but will not be available

Hide Field

Field wont be displayed

Password Window

Window level security – Must enter password while opening the window

Disable Window

Window level security – Only “sa’ password is permitted for displaying the window

Password Form

Form Level Security – Must enter password for accessing the form

Disable Form

Form Level Security - Only “sa’ password is permitted for displaying the form











Based on the selection of the Security Modes here in this FLS Security Maintenance, the respective access restriction would apply to the specific user(s) and specific company or companies. Out of the 10 security modes available, 4 modes are actually applicable for windows and Form Level security. Password window makes sure when a user tries to access a particular GP window, it asks for a password unless otherwise the access would be denied. Disable window makes sure the user doesn't have complete access to a specific GP window. Similar case is for password Form and Disable Form.

In another example where I configured a Sales process in SOP Transaction entry for Service items. In this case, The user don’t need to see the fields related to Req Shipping date, Actual Shipping Date and so on. I used FLS to completely hide those fields using “Hide Field” security mode for all users. Now, Assume we have a scenario where the client says I need select Users to view the Unit cost while entering the Purchase order but they should not have access to modify the same. In this case, we can set security using “Disable Field” mode. Assume, the client says select users should not access the General Entry screen itself, it can be either set up at the User Security level itself or at FLS using “Disable Window” mode.

There are several other possibilities that we can make use of, in Field Level Security Feature so as to ensure an optimum security layer for any organization.


  1. Just a quick comment.

    Field Level Security and Advanced Security were always included in the same dictionary as they were purchased from Winthrop Dexterity Consultants together (as Omni Security and Omni Field Security).

    For v7.50 through to v9.0, the AdvSecur.dic contained both Advanced Security and Field Level Security. Advanced Security was provided as part of the System Manager, but Field Level Security required extra registration.

    From v10.0 onwards, the AdvSecur.dic now only includes the Field Level Security component as Advanced Security is no longer relevant with the new pessimistic role based security model.


  2. David,

    Thanks for your comments. This marks the little difference between Field Level Security and Advanced Security