Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message when you try to log on to Microsoft Dynamics GP or open a window or a report in Microsoft Dynamics GP: "You don't have security privileges to this window. Contact your system administrator for assistance"


View products that this article applies to.

Symptoms

Symptom 1

When you start Microsoft Dynamics GP or Microsoft Business Solutions - Great Plains, or when you try to open a restricted window, you receive the following error message:
You don't have security privileges to this window. Contact your system administrator for assistance.


See Cause 1, Cause 2, and Cause 3 in the "Cause" section.

Symptom 2

When you open a window or a report in Microsoft Dynamics GP 10.0, you receive the following error message:
You don't have security privileges to open this window. Contact your system administrator for assistance.
See Cause 4 in the "Cause" section.

↑ Back to the top


Cause

Cause 1


This problem occurs because you do not have security access to one or more of the shortcut windows that are listed in the Startup folder.


See Resolution 1 in the "Resolution" section.

Cause 2

In Microsoft Business Solutions - Great Plains 8.0 and in Microsoft Dynamics GP 9.0, this problem occurs because minimum security is not set correctly.

This problem does not occur in Microsoft Dynamics GP 10.0.

See Resolution 2 in the "Resolution" section.

Cause 3

If you can successfully log on when you click OK in the error message, a third-party product may be restricting access.

See Resolution 3 in the "Resolution" section.

Cause 4

This problem occurs because the window or the report has insufficient security rights.

See Resolution 4 in the "Resolution" section.

↑ Back to the top


Resolution

Resolution 1

To resolve this problem, remove the window from the Startup folder. Or, grant the usersecurity access to the window.

Resolution 2

To resolve this problem in Microsoft Business Solutions - Great Plains 8.0 and in Microsoft Dynamics GP 9.0, set up minimum security. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

858718 How to set up minimum security access to log in to Microsoft Dynamics GP or to Microsoft Great Plains

This problem does not occur in Microsoft Dynamics GP 10.0.

Resolution 3

To resolve this problem, remove the third-party product from the Dynamics.set file. For more information about how to remove items from your Dynamics.set file, click the following article number to view the article in the Microsoft Knowledge Base:

872087 How to disable third-party products in the Dynamics.set file in Microsoft Dynamics GP

Resolution 4

To resolve this problem, follow these steps:
  1. Capture the error in a log file. To do this, follow these steps:
    1. Create a Dexsql.log file. For more information about how to create a Dexsql.log file, click the following article number to view the article in the Microsoft Knowledge Base:

      850996 How to create a Dexsql.log file for Microsoft Dynamics GP

    2. On the workstation, log on to Microsoft Dynamics GP 10.0 as the user who receives the error.
    3. Re-create the issue, but do not click OK to close the message.
    4. Locate the Dexsql.log file, and then rename the file to prevent the file from being written.

      Note The Dexsql.log file will be written to the same Data folder that holds the Dex.ini file.
    5. Open the Dexsql.log file, scroll to the bottom, and then look for the last call to the User Security table (SY10000). For example, the last call would appear as follows:
      { CALL DYNAMICS.dbo.zDP_SY10000SS_1 ( 'sa', -1, 0, 390, 2 ) }
      Note The parameters of this call are as follows:
      • 'sa' is the ID of the user whose security is being checked.
      • -1 is the Company ID where the security is being checked.
      • 0 = (DICTID) is the Product ID of the window or the report that is opened.
      • 390 = (SECURITYID) is the Unique ID for the window or the report that is opened.
      • 2 = (SECRESTYPE) is the Resource type. A value of 2 indicates a window, and a value of 23 indicates a report.
  2. Populate the Security Resource Description table to translate the Security ID value to a window name or to a report name. To do this, follow these steps:
    1. Log on to Microsoft Dynamics GP 10.0 as the 'sa' when no other users are logged on.
    2. Click Microsoft Dynamics GP, point to Maintenance, and then click Clear Data.
    3. On the Display menu, click Physical.
    4. In the Series field, click System in the drop-down list.
    5. Click the Security Resources Description table, click Insert, and then click OK to process.
    6. Print the report to screen, and then check for errors.
  3. Check the Security Resource Description table for the window or the report name. To do this, edit and run the following script in Microsoft SQL Server Management Studio or in SQL Query Analyzer against the DYNAMICS database.
    SELECT * FROM DYNAMICS..SY09400
    WHERE DICTID =
    AND SECURITYID =
    AND SECRESTYPE =
    In this example, the script would appear as follows.
    SELECT * FROM DYNAMICS..SY09400
    WHERE DICTID = 0
    AND SECURITYID = 390
    AND SECRESTYPE = 2
    Therefore, this script returns the Customer Maintenance window as the source of the issue.
  4. Generate a list of Microsoft Dynamics GP 10.0 security tasks and roles that grant access to this window. To do this, edit and then run the following script against the DYNAMICS database.
    SELECT ISNULL(A.SECURITYROLEID,'') AS SECURITYROLEID, 
    ISNULL(M.SECURITYROLENAME,'') AS SECURITYROLENAME,
    --ISNULL(M.SECURITYROLEDESC,'') AS SECURITYROLEDESC,
    ISNULL(O.SECURITYTASKID,'') AS SECURITYTASKID,
    ISNULL(T.SECURITYTASKNAME,'') AS SECURITYTASKNAME,
    --ISNULL(T.SECURITYTASKDESC,'') AS SECURITYTASKDESC,
    R.PRODNAME, R.TYPESTR, R.DSPLNAME, R.RESTECHNAME, R.DICTID, R.SECRESTYPE,
    R.SECURITYID FROM DYNAMICS.dbo.SY09400 R
    FULL JOIN DYNAMICS.dbo.SY10700 O ON R.DICTID = O.DICTID AND O.SECRESTYPE = R.SECRESTYPE AND O.SECURITYID = R.SECURITYID
    FULL JOIN DYNAMICS.dbo.SY09000 T ON T.SECURITYTASKID = O.SECURITYTASKID
    FULL JOIN DYNAMICS.dbo.SY10600 A ON A.SECURITYTASKID = T.SECURITYTASKID
    FULL JOIN DYNAMICS.dbo.SY09100 M ON M.SECURITYROLEID = A.SECURITYROLEID WHERE R.DSPLNAME = '<Display_Name>'

    Note Replace <Display_Name> with the window name or with the report name from the SY09400 table results.
  5. Change the user's Security Role assignment to add them to one of the roles that is listed in the results of step 4. Additionally, you can create a new Security Role based on the Security Tasks that are listed in the results.

↑ Back to the top


Keywords: kbnosurvey, kberrmsg, kbmbsgp10,, kbfreshness2007, kbmbsmigrate, kb

↑ Back to the top

Article Info
Article ID : 857086
Revision : 1
Created on : 1/7/2017
Published on : 12/14/2015
Exists online : False
Views : 230