Dynamics GP Error – “You don’t have security privileges to open this window error message. Contact your system administrator.”

By - March 28, 2020

How often does one of your GP users receive a permissions error when trying to access a specific window in GP?  If you are having trouble locating the appropriate Security Role/Task/Operation combination to access the window, here are some simple steps to get users the access they need:

  1. Populate the SY09400 table (Security Resource Descriptions table) by logging in to Dynamics GP as ‘SA’ or a Power User. Click on Microsoft Dynamics GP Menu > Maintenance > Clear Data.
  2. In the Clear Data window, select the Display option > Physical > Series > System. Highlight the Security Resource Descriptions table, and click Insert.  Click OK, and then click “Yes” when prompted if you want to clear data from these tables.  Print the report to the screen.

Once the Clear Data process is complete, the SY09400 table will contain information on all of your forms, windows, reports, views and stored procedures. If you query this table in SQL, notice the field for SECRESTYPE (Security Resource Type).  Below are the values associated with each Security Resource Type:

1 Files
2 Windows
23 Reports
57 Stored Procedures
400 Document Access
500 Customization Tools
600 Series Posting Permissions
700 GP Import
800 Letters
900 Navigation Lists
1000 SmartList Objects

These values, with the exception of stored procedures and views, are similar to the values you see in the Security Task Assignment window when setting up a Security Task.  See below:

Note:  You only have to do Step 2 once. The information will remain in the SY09400 table for future analysis of security issues.

  1. Once you have populated the SY09400 table, the next step is to capture a dexsql.log while recreating the permissions error. Click here for instructions on how to create a dexsql.log.

Note:  To capture the log file, go to the Microsoft Dynamics GP folder on the machine where the user accesses GP. If the GP client is on a terminal server where all users access the same GP client, users will need to be out of GP while running these procedures.  This is an important step because it will keep the size of the log down considerably and narrow the issue down to only those steps taken by the user experiencing the error.

  1. Once the dexsql.log has been created, go to the Microsoft Dynamics GP code folder normally found under C:\Program Files (x86)\Microsoft Dynamics\GP20XX\Data\, and you should see the dexsql.log. Open the file in Note Pad.
  2. Scroll down to the bottom of the dexsql.log, and look for a reference to the main security view, SY10000. See example below:

 { CALL DYNAMICS.dbo.zDP_SY10000SS_1 ( ‘GPUserID’, 1, 0, 253, 2 ) }

In this script example, use the key below:

  • GPUserID = the user ID of the user re-creating the error
  • 1= company ID
  • 0 = product or dictionary ID
  • 253 = the security id of the object
  • 2 = window/form
  1. Using this information, run the script below against the Dynamics database to determine the display name of the window:

select * DSPLNAME, from SY09400 where DICTID = 0 and SECRESTYPE = 2 and SECURITYID =  253

  1. In this case, the results show the DSPLNAME is the Payables Transaction Entry Distribution window. The display name is the name of the window in the script below and runs it against the Dynamics DB:

Select c.SECURITYROLEID, b.SECURITYTASKID, a.DSPLNAME, a.PRODNAME, a.TYPESTR, a.SECURITYID, a.RESTECHNAME, a.DICTID, a.secrestype, a.securityid from SY09400a full join SY10700 b ON a.DICTID = b.DICTID and a.secrestype = b.secrestype and a.securityid = b.securityid full join SY10600 c ON c.securitytaskid = b.securitytaskid Where a.DSPLNAME = ‘Payables Transaction Entry Distribution’    

  1. The results of the script will show you all the Security Roles and Tasks that include the Payables Transaction Entry Distribution window. Review the results of the script and compare them against the security roles assigned to the user receiving the permissions error.  To get a list of the user’s current assigned security roles and tasks, you can run the following script:

Select *from SY10500 WHERE USERID = ‘XXXXX’

Replace XXXXX with the user in question.  Then open GP and go to Setup > Security > User Security.  Pull up the user id, company, and modify the user’s current security roles and tasks in GP as required.

These steps will save you hours of frustration hunting through the various security roles and tasks trying to find the exact security object and will ensure you have assigned the user the correct combination of security role, task, and operation.

RSM offers access to Certified Microsoft Professionals, help desk and phone support, knowledge and experience with third-party products and dedicated account management.  To learn more about who we are, go to http://rsmus.com/who-we-are.html or contact our professionals at erp@rsmus.com or by phone at 855.437.7202.

Receive Posts by Email

Subscribe and receive notifications of new posts by email.