This morning I been thinking about the new security structure for Dynamics GP web-client user who does not have SQL Users, and how these users will interact with SQL Server, I had to go through this as I have a client who’s running a very strict policy in granting SQL permissions for domain users.
Getting through this, I have created few users with multiple scenarios as below:
- The first user linked to domain account called that “TEST1”, but didn’t check “Web Client user only (no SQL Server Account)”
- The second user linked to domain account called that “TEST2”, and checked the “Web Client user only (no SQL Server Account)” option.
I have noticed that the first case created an “SQL User Account” called “TEST1” and didn’t granted the domain user any access to the database, and the second didn’t create any users which been a mystery to me understanding which user will be used to access the SQL Server!
To test this I have modified the GL00100 table and added a new column called “UserName” –this is for testing only, you cannot do this on GP tables!- and set the default value for this column to be “SUSER_SNAME()” function which returns the user who’s currently logged in and started my testing by creating new accounts!
Logged in by TEST1 to the web client and created a new account, the result was somehow wired, the user who was recorded was “DYNSA”
Logged in by TEST2 to the web client and created a new account, the result was the same, the user who was recorded was “DYNSA” as well.
Then logged in but selected “SQL Authentication” option from the login page:
The result was as expected, the logged in user was “TEST1”!
Now it been clear, all windows authentication users will be using one account to access the SQL, the login is the one you specified during the installation of the web client, so if you been counting on the user who is currently logged in in your customizations you might need to review your code!
Hope that helps giving you a good understanding to the new security process.