You, Me and Dynamics GP
Andy Snook of Fastpath has a great new article on dealing with the dangers posed by the SA account in Dynamics GP. He makes some great points and it is definitely a must read. So I thought that I would add my own thoughts in addition to Andy's.
- Some ISV apps can ONLY be installed using SA. Other techniques to avoid the use of SA don't work here. Frankly, this needs to be fixed by ISV's. It's a problem that people whine about but hasn't been addressed.
- Andy makes the point that SA does not have to be a power user. I agree, mostly. The catch 22 is this, most consultants expect SA to be a power user. In fact a common troubleshooting technique is to determine if SA can do something, since that often indicates whether a problem is security related. If you don't communicate that SA has limited rights you can spend a fortune on unnecessary troubleshooting. It's often one of those "slipped my mind" kind of things. Notice the issue is not limited SA rights but communicating that SA rights have been limited, since this is still surprisingly rare.
- Additionally, if security is NOT well setup, the presence of SA as a power user can be a lifeline when say, payroll checks don't print because of a security problem.
