GP Easy Security Fixes: Account Maintenance

[In this series, we’re looking at quick fixes to improve GP security. ]

Controlling the chart of accounts is about as fundamental as it gets in an accounting system. If the chart can change, the fundamental nature of the resulting financial statements can be changed. Imagine the damage that could be done simply by reclassifying an income statement account to a balance sheet account? That’s before we get into false accounts and transactions (shudder). 

Controlling who has access to the chart of accounts via the Account Maintenance window in Dynamics is an easy way to eliminate a lot of segregation of duties issues. Separating account creation and maintenance from the ability to make entries is a great way to improve control and it is easier than expected. Even in a very small finance organization it’s possible to segregate duties by letting the  controller manage the chart and others make journal entries. It’s not perfect, but it’s an improvement. 

Account Maintenance

The only really pushback is that sometimes users need to see elements in the chart to confirm that they are using the right number, validate that the account was setup correctly, etc. In Dynamics GP, there is no inquiry window for the chart accounts. Frankly, this is a poor reason to grant access. Both the Accounts Navigation List (Financial>Navigation Lists>Accounts) and the Accounts Smartlist (MSDynamicsGP>Smartlists>Financial>Accounts) can show account information including the description, account type, active status, and user defined information without permission to make changes. 

By default, the Accounting Manager, Bookkeeper, Certified Accountant, and Power User roles all have access to the Account Maintenance window. Access is provided via the Card_0101* task. Reducing the roles with access to this task or moving access to Account Maintenance to separate task and tightly controlling the roles it is assigned to will along way in managing access to the chart. 

One additional note, the Mass Modify Chart of Accounts feature (Financial>Cards>Financial>Mass Modify) can also be used to create or change accounts. Security to Mass Modify Chart of Accounts is also included in the Cards_1010* task and in most case should mirror the access granted to Account Maintenance. 

Mass Modify

The chart is the heart of an accounting system and it’s still surprising how often we run into segregation of duties issues where a large number of users have access to make changes to the chart. This is an easy fix, so get things cleaned up today.

You can find all of the fixes in this series at GP Easy Security Fixes.

GP Easy Security Fixes: Journal Entries

[In this series, we’re looking at quick fixes to improve GP security. ]

Controlling access to Journal Entries is a fundamental control point. If users can make and post journal entries without any review, they can do just about anything to the final financial statement numbers.  

In Dynamics GP, there are actually three different ways to enter a journal entry and an easy security fix is to turn off two of them. 

In Dynamics GP, a journal entry can be created using the Transaction Entry, Quick Journal Entry, or Clearing Entry windows. 

Transaction Entry is the primary journal entry option. It supports batches for review, approval of batches, and workflow approval by batch. This is what most people think of when they think of creating a journal entry in GP. It’s also the area where organizations are most likely to place controls.

Transaction Entry window

Quick Journals were designed to be journal entries created via templates where the accounts were similar from month to month, but the amounts  would change. There are a couple of problems with Quick Journals:

  • They don’t use batches making them difficult for others to review prior to posting
  • They don’t support approvals
  • They don’t support workflow
  • They are rarely used.

This last one is actually the biggest issue. Because many companies barely know that Quick Journals exist, they don’t restrict them in security. It’s a journal entry hole big enough to drive a truck through. 

Quick Journal Entry

On top of that, Quick Journal functionality can be duplicated using recurring batches in Transaction Entry. The Recurring Batches feature provides equivalent functionality with approval and review options using the Transaction Entry window.

There is a simple fix, turn Quick Journals off. In a base GP install, the Accounting Manager, Bookkeeper, and Power User roles have access to the Quick Journal Entry window. It is a part of the TRX_FIN_001* task. Simply remove the window from the task to remove access using Setup>System>Security Tasks.

Finally, we come to the odd little feature known as Clearing Entries. Clearing entries are designed to clear the balance of an account (either year-to-date or for a specific period) to a different account, hence the name. The odd part is that these entries don’t show any amounts. Users simply select Year-to-Date or Trx Period and they are left hoping the amount is correct. While a report can be run to show the amount, that’s extra time and effort just to see the amounts on a journal entry. 

This is another feature that is rarely, if ever used. Most users prefer to validate the balance to be moved and then process a regular journal entry.

Clearing Entry

Clearing entries do support batches, but there is so little benefit to clearing entries that most users avoid them. Turning them off is a great way to ensure that they can’t be used as a back door to an inappropriate journal entry.

Clearing entries are also part of the Accounting Manager, Bookkeeper and Power User roles and they are a member of the TRX_FIN_001* task by default. Simply remove the window from the task to turn it off using Setup>System>Security Tasks.

With just a couple of simple tweaks, it’s easy close off access to alternative journal entry options and focus control on the main Transaction Entry window.

You can find all of the fixes in this series at GP Easy Security Fixes.

New Series: Easy Security Fixes for GP.

It’s a new year and time for a new weekly series. This one takes a look at easy security fixes for Dynamics GP.

Security gets a lot of attention around year-end, and many companies know that their GP security settings aren’t the best that they could be. There are plenty of good reasons for this, but I’m not here to point fingers, I’m here to help.

Realistically, there are lots of things companies should do to setup security the right way in GP. These include understanding processes, mapping processes to job functions, tying job functions to Roles and Tasks in GP and reviewing the whole pile for segregations of duties conflicts. But not everyone understand the incredible value built when you setup security the right way, and sometimes, you just need to make some progress now. 

This series isn’t about doing everything right, it’s about doing something now that makes you safer tomorrow than you were yesterday. It’s the “I know I should I should eat right and exercise, but how do I lose 5 pounds by Friday?” approach to GP security. 

In this series I’m going to focus on fast security fixes around:

We’ll do one a week for eight weeks and then we’ll play with something new. Links to each item will be added once the post is up. 

Hands On With Microsoft Dynamics GP 2018 R2 New Features: Duplicate Check Numbers Option Extended


Ian Grieve is Hands On With Microsoft Dynamics GP 2018 R2 New Features: Duplicate Check Numbers Option Extended. Ian’s new feature series is fantastic, make sure to check out all the items. This one was particularly important, so I wanted to highlight it here. 

Quick Journals

Jen Kuntz looks at Quick Journals. My attitude has changed toward Quick Journals. I used to like them, and I used them as a controller, but they are clunky to set up and use and two other features are now better options. Recurring batches are easier to use, setup, and change than Quick Journals. They also allow batch approvals, which Quick Journals do not. The other feature that dips into Quick Journal territory is Copy/Paste from Excel. 

Copy/Paste from Excel lets users maintain their recurring entries in Excel and simply paste in the current month’s numbers. Since this is done via a Journal Entry there are fewer entry points to manage. Also, preparation of the numbers on the Excel sheet can be separated from the user who actually does the entry. 

Quick Journals work fine, I just think that Recurring Batches and Copy/Paste from Excel have made the feature redundant. 

Dynamics GP 2018 R2 – Transaction Level Posting allows to Post “Through” General Ledger

This is a big change and you probably missed it, but Mahmoud AlSaadi has it covered. 

Post through for transaction level posting has been a problem in GP. Posting via batch would allow posting through the GL, i.e., posting to the subledger and GL without stopping. For most transaction types, posting via transaction would cause the transaction to stop at the GL and be reposted. This wasn’t exactly efficient and now it’s being addressed in GP 2018 R2. Make sure to check out Mahmoud’s post for details.