we recently upgraded to Dynamics GP 2015 -- no problems here.
During the setup and upgrade of this, I found out that that all of our clients have ODBC connections to the server configured with SQL server credentials of sa! Previous versions, the connection was created by the installer package, so it could have been this way for some time and I was never aware of it, but with this one, the method our partner used to set it up, I have to create the ODBC connection myself.
Now being a security oriented person, this makes make CRINGE and I need to change this.
All of my GP users are in an AD security group already, the server is setup for mixed mode authentication, I just need to know what roles or database permissions I need to give the group so that GP can perform any/all necessary actions it needs to. While I am pretty sure I could do this by giving them db_owner, that seems overkill but it would probably work so I thought I would ask here.
Each GP user has access to each company, so that is not really a concern. I recognize that security within the application is controlled / monitored / handled by the GP application. My users do not have admin privileges on their machines so them maintaining their credentials for the ODBC connection is not practical so at least for the ODBC portion, I'd like to have that part authenticate with their windows info.
I don't think they would need access to the management report databases though, this would be more governed by the management reporter service running and the MR client connects to that service is the way it looks.
Not sure what to do about the Dynamics database either.
Any suggestions or best practices on this someone can refer me to? Even if a direct link within customer source. I could not find but I am not good at finding things on customer source. I did ping my partner again and they told me they just set all the ODBC up as "sa" becuase "its easier and it works". But that puts me in a very weird bind from a security perspective.