Académique Documents
Professionnel Documents
Culture Documents
Copyright
Copyright 2006 Microsoft Corporation. All rights reserved. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Notwithstanding the foregoing, the licensee of the software with which this document was provided may make a reasonable number of copies of this document solely for internal use.
Trademarks
Microsoft, Microsoft Dynamics, Visual Basic, Visual Studio, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation or its affiliates in the United States and/or other countries. The names of actual companies and products mentioned herein may be trademarks or registered marks - in the United States and/or other countries - of their respective owners. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Intellectual property
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Microsoft Corporation disclaims any warranty regarding the sample code contained in this documentation, including the warranties of merchantability and fitness for a particular purpose. The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Microsoft Corporation. Microsoft Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual. Neither Microsoft Corporation nor anyone else who has been involved in the creation, production or delivery of this documentation shall be liable for any indirect, incidental, special, exemplary or consequential damages, including but not limited to any loss of anticipated profit or benefits, resulting from the use of this documentation or sample code. Use of this product is covered by a license agreement provided with the software product. If you have any questions, please call the Microsoft Dynamics GP Customer Assistance Department at 800-456-0025 (in the U.S. or Canada) or +1-701-281-6500.
Warranty disclaimer
Limitation of liability
License agreement
Publication date
Contents
Introduction ................................................................................................................................................. 2
Whats in this manual...................................................................................................................................2 Symbols and conventions ............................................................................................................................2 Product support ............................................................................................................................................3
INSTALLATION
AND
ADMINISTRATION
GUIDE
C O N T E N T S
Part 3: Security.................................................................................................................................... 30
Chapter 6: Web Services Security ...................................................................................... 31
Overview......................................................................................................................................................31 Administering security ..............................................................................................................................32 Tasks..............................................................................................................................................................33 Roles..............................................................................................................................................................35 Enterprise level groups ..............................................................................................................................37 Application level groups............................................................................................................................38 Role assignments.........................................................................................................................................40
INTRODUCTION
Introduction
Welcome to Web Services for Microsoft Dynamics GP. This documentation explains how to install and administer these web services so they can be used by applications that integrate with Microsoft Dynamics GP. Before you begin installing and using the web services, take a few moments to review the information presented here.
To learn about creating applications that use the Web Services for Microsoft Dynamics GP, refer to the documentation included with the Web Services for Microsoft Dynamics GP Software Development Kit (SDK).
The light bulb symbol indicates helpful tips, shortcuts, and suggestions. Warnings indicate situations you should be aware of when completing tasks.
Margin notes summarize important information.
Margin notes call attention to critical information and direct you to other areas of the documentation where a topic is explained.
Description
Convention
Part 1, Web Service Basics Bold type indicates a part name. Chapter 7, Policy Installing web services
using System.IO;
Quotation marks indicate a chapter name. Italicized type indicates a section name. This font is used to indicate script examples. Acronyms are spelled out the first time theyre used. Small capital letters indicate a key or a key sequence.
or ALT+M
IN S T A L L A T I O N
AN D
A DM I N I S T R A T I O N
G U I D E
IN T RO D U C T IO N
Product support
Microsoft Dynamics GP technical support can be accessed online or by telephone. Go to www.microsoft.com/BusinessSolutions and click the CustomerSource or PartnerSource link, or call 888-477-7877 (in the US and Canada) or 701-281-0555.
INSTALLATION
AND
ADMINISTRATION
GUIDE
IN S T A L L A T I O N
AN D
A DM I N I S T R A T I O N
G U I D E
IN S T A L L A T I O N
AN D
A DM I N I S T R A T I O N
G U I D E
Chapter 1:
ASP .NET is used as the foundation to implement the Web Services for Microsoft Dynamics GP. It provides the support for the standard protocols that make the web service accessible.
INSTALLATION
AND
ADMINISTRATION
GUIDE
PA RT
W E B
S E R V I C E
B A S I C S
Through the web service, integrating applications can retrieve documents, create new documents, update existing documents, and delete or void documents. The web service for Microsoft Dynamics GP is fully integrated with the Dynamics Security Service. The administrator of the web service can configure security so only specified users are allowed to perform actions like creating or updating sales documents.
IN S T A L L A T I O N
AN D
A DM I N I S T R A T I O N
G U I D E
Chapter 2:
Configurations
Two common configurations are used with Web Services for Microsoft Dynamics GP. In the basic configuration, IIS with ASP .NET and the Web Services for Microsoft Dynamics GP are installed on the same server that is hosting SQL Server and managing Microsoft Dynamics GP data. This is shown in the following illustration:
SQL Server with Dynamics GP Data and eConnect + IIS Server with ASP .NET and Web Services for Microsoft Dynamics GP
INSTALLATION
AND
ADMINISTRATION
GUIDE
PA RT
W E B
S E R V I C E
B A S I C S
The following illustration shows the second common configuration for the Web Services for Microsoft Dynamics GP. In this configuration, the web services are installed on a separate server, and access the SQL Server that manages Microsoft Dynamics GP data over the local network.
Local Network
IIS Server with ASP .NET and Web Services for Microsoft Dynamics GP
Which configuration you choose will depend on how extensively you will be using the Web Services for Microsoft Dynamics GP, and what server resources you have available. The two-server configuration will provide better performance if the web service will be heavily used.
Security
Refer to Chapter 6, Web Services Security, for details about managing web service security.
Security for the Dynamics GP web service is controlled by the Dynamics Security web service. The Dynamics Security web service is installed onto the same web server as the Dynamics GP web service. Through this web service, the web service administrator will configure which users and groups are able to execute the web methods (operations) provided by the Dynamics GP web service. If an application attempts to run a web method for which the current user doesnt have access, a security exception will be raised and the action will be prevented. Security is controlled through the Dynamics Security Administration console, which is a snap-in for Microsoft Management Console (MMC). The console is shown in the following illustration.
10
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
W E B
S E R V I C E
A R C HI TE C T U R E
Policy
Refer to Chapter 7, Policy, for details about configuring policy for the Dynamics GP web service.
Policy is another security-related feature for the Dynamics GP web service. The policy system allows the web service administrator to control how business objects are created, updated, or deleted through the Dynamics GP web service. Each create, update, and delete or void web service operation has a policy object that is passed with the operation. This policy object specifies the set of behaviors for the operation. Each behavior controls one characteristic for the operation being performed. For instance, the policy for the CreateCustomer web method has the behavior named Create Active Behavior. This behavior controls whether the customer being created is set to the active or inactive state. Behaviors are classified as internal or external. An internal behavior is one that can be specified by only the web service administrator. An external behavior is one that can be specified by the application that is calling the web method and passing in the policy object. Policy is configured using the Dynamics Security console.
Exception logging
Refer to Chapter 9, Troubleshooting, for more information about using the exception log to troubleshoot the web service.
The Dynamics GP web service maintains a record of all exceptions (errors) that occur for web service operations. The web service administrator will use this information to help diagnose and resolve any issues for applications that use the web service. You can use the Dynamics GP Web Services Exceptions console to view the exception information. This is a snap-in for Microsoft Management Console (MMC) that retrieves and displays the exceptions logged by the Dynamics GP web service. The console is shown in the following illustration.
The exception information can also be queried by applications that access the Dynamics GP web service. Retrieving exception information allows the client applications to display helpful error messages for the user, or to respond appropriately to exceptions that occur.
INSTALLATION
AND
ADMINISTRATION
GUIDE
11
12
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
PART 2: INSTALLATION
Part 2: Installation
This portion of the documentation explains how to install the Web Services for Microsoft Dynamics GP. The following information is discussed: Chapter 3, Prerequisites, describes the software required and the actions you must perform before you install the Web Services for Microsoft Dynamics GP. Chapter 4, Web Services Installation, describes the steps needed to install the web services. Chapter 5, Management Tools Installation, explains how to install the management tools available for the web services.
14
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 3:
Prerequisites
Before installing Web Services for Microsoft Dynamics GP, there are several prerequisites needed. This portion of the documentation describes the software required and the additional steps that must be performed before installing the web services. The following topics are discussed: Server operating system Microsoft .NET 2.0 Framework Internet Information Services and ASP .NET Secure Sockets Layer (SSL) Windows Management Instrumentation service Microsoft Management Console (MMC) 3.0 Web service user account Microsoft Dynamics GP 9.0 SP1 Using web services with specific companies ISO currency codes
Other items might already be marked in the list. Click OK to accept the selections. Click Next to complete the installation, then click Finish to close the Windows Components Wizard.
INSTALLATION
AND
ADMINISTRATION
GUIDE
15
PA RT
I N S T A LL AT IO N
Enabling DTC
For Windows Server 2003, you can enable the network DTC through the Windows Components Wizard. To do this, complete the following procedure: 1. Open Add or Remove Programs. Choose to add or remove Windows Components. The Windows Components Wizard will be displayed.
2. Select the Application Server components. Click Details to display the Application Server Details.
Mark Enable network DTC access and click OK. 3. Complete the changes Click Next to complete the changes, and then click Finish to close the wizard.
16
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
PR ER EQ U I SIT E S
Configuring DTC
The default configuration for DTC can be used with Web Services for Microsoft Dynamics GP. If you have made modifications to the security configuration for DTC, you must be sure the following settings are being used: Network DTC Access enabled Allow Inbound communication Allow Outbound communication Mutual Authentication Required
To configure the Distributed Transaction Coordinator on Windows Server 2003, complete the following procedure: 1. Open Component Services. In the Administrative Tools accessed from the Start menu, choose Component Services. 2. Display the My Computer node. Expand the Component Services node, and then expand the Computers node to display the My Computer node.
3. Display properties for the My Computer node. Select the My Computer node, and then choose Properties from the Action menu. 4. Select the MSDTC tab. 5. Display the Transaction Configuration settings. Click Security Configuration to display the security settings for DTC.
INSTALLATION
AND
ADMINISTRATION
GUIDE
17
PA RT
I N S T A LL AT IO N
For improved security, this new user should be given minimal privileges. When you install Web Services for Microsoft Dynamics GP, you will need to supply the credentials for this new account.
18
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
PR ER EQ U I SIT E S
Country/Region
Australia Canada European Union Japan Mexico New Zealand Poland Singapore South Africa United Kingdom United States
Currency
Dollars Dollars Euros Yen Pesos Dollars Zlotych Dollars Rand Pounds Dollars
INSTALLATION
AND
ADMINISTRATION
GUIDE
19
20
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 4:
Installation procedure
To complete the Web Services for Microsoft Dynamics GP installation, complete the following procedure: 1. Verify the user you are logged in as. The user you are currently logged in as must be in the Administrator role for the computer on which you are installing. This user will also become the initial Security Administrator for the Dynamics Security Service. This user will also be added to the Superuser role for the Dynamics GP web service, allowing access to all web service operations. 2. Start the Web Services for Microsoft Dynamics GP installer. The installer is named DynamicsGPWebServices.msi. The Welcome page of the installer will be displayed. Click Next to continue. 3. Review the license agreement. After reviewing the license agreement, mark the option to accept the terms and click Next to continue. 4. Specify the location of the Microsoft Dynamics GP data. In the Server Name field, supply the name of the machine that is running SQL Server and managing the data for Microsoft Dynamics GP. The installation program must connect to this database to complete the installation. You can use Windows Trusted Authentication or SQL Authentication (supplying the Administrator login ID and password).
Click Next to continue. If the database connection cannot be made, an error will be displayed. Correct the issue and continue.
INSTALLATION
AND
ADMINISTRATION
GUIDE
21
PA RT
I N S T A LL AT IO N
5. Select the web site and installation location. Specify the web site on the IIS server that should be used for the web services. Also, select the location where the files for the Web Services for Microsoft Dynamics GP will be installed. You can use the default location, or click Browse to specify a different location.
When you have made your selections, click Next to continue. 6. Specify the application account. This account will be used for the following: Application Pool user for Dynamics GP web service Application Pool user for Dynamics Security service Reader of ADAM Reader of AzMan User for SQL Server and the databases used for Microsoft Dynamics GP
Typically, you will enter the account that you created while performing the prerequisites for the installation. If you are installing Web Services for Microsoft Dynamics GP on a different machine than the SQL Server used to manage Microsoft Dynamics GP data, this must be a domain user account. If you are installing on the same machine as the SQL Server, it can be a local machine account. This case is shown in the following illustration:
If the account you specified has already been added as a user for Microsoft SQL Server, be sure the case for the Domain and User Name match those of the user ID in SQL. Click Next to continue.
22
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
W E B
S E R V I C E S
I N S T A L L A T I O N
7. Start the installation. Click Install to begin the installation process. The following additional installations may occur if they have not already been performed: eConnect Runtime Installation This installation can take several minutes, and may not display progress as it is being installed. If eConnect isnt installed, it will be installed for all companies. ADAM - This component (Active Directory Application Mode) is required by the Dynamics Security Service.
8. Complete the installation. After a few minutes, the installation will complete. Click Finish.
INSTALLATION
AND
ADMINISTRATION
GUIDE
23
PA RT
I N S T A LL AT IO N
Click OK to close the window. Additional nodes will be added in the left pane of the Dynamics Security Console. 4. Select the Policy node. Expand the Microsoft Dynamics Security node, and then expand the DynamicsGPWebServices node. Select the Policy node. A list of policy categories should be displayed. If it is, the Dynamics Security Service and its interaction with the Dynamics GP web service are operating properly.
24
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
W E B
S E R V I C E S
I N S T A L L A T I O N
Installation account
This is the account under which the installer for Web Services for Microsoft Dynamics GP is run. In addition to being an administrator on the system on which web services is being installed, this account is used for the following: Added to the Superuser role for the Dynamics GP web service Added as a Security Administrator for the Dynamics Security service An ADAM administrator
Application account
This is the account supplied during the Web Services for Microsoft Dynamics GP installation. It is used for the following: Application Pool user for Dynamics GP web service Application Pool user for Dynamics Security service Reader of ADAM Reader of AzMan User for SQL Server and the databases used for Microsoft Dynamics GP
What to do next
After the Web Services for Microsoft Dynamics GP have been installed and verified, consider taking the following steps: Set up the security for the Dynamics GP web service. Refer to Part 3, Security, for details about security configuration. Learn about actions you will need to take in the day-to-day operation of the web services. Details are found in Part 4, Running the Web Service. To learn about developing applications that use the Web Services for Microsoft Dynamics GP, install the Web Services for Microsoft Dynamics GP Software Development Kit (SDK).
INSTALLATION
AND
ADMINISTRATION
GUIDE
25
26
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 5:
Prerequisites
To use the Management Tools for Microsoft Dynamics GP Web Services, your system must have the following: Microsoft .NET Framework 2.0 Microsoft Management Console (MMC) 3.0
The Microsoft .NET Framework 2.0 can be downloaded from the web site update.microsoft.com. The MMC 3.0 is available for download from www.microsoft.com. Search for Knowledge Base article KB907265. In the situation where the Web Services for Microsoft Dynamics GP have been installed for a network that does not have a domain controller, you cannot use the Management Tools for Microsoft Dynamics GP. The web services must be administered from the server where they were installed.
INSTALLATION
AND
ADMINISTRATION
GUIDE
27
PA RT
I N S T A LL AT IO N
The typical URL for the Microsoft Dynamics Security Administration service is: http://machine:port_number/DynamicsAdminService.asmx Notice this URL contains a port number. The port value 49152 is the default value that will be used when the Microsoft Dynamics Security Administration service is installed. Use this value when entering the URL. For example if the machine running the Microsoft Dynamics Security Administration service was named GPWebService, the URL would be: http://GPWebService:49152/DynamicsAdminService.asmx If this port value doesnt work to access the service, you will need to contact your administrator to find what port the Microsoft Dynamics Security Administration service is running on. Press the TAB key to accept the URL values entered, and then click Next to continue. 5. Begin the installation. Click Install to begin installing the management tools. 6. Finish the installation. After the management tools are installed, click Finish to complete the installation.
To use the Microsoft Dynamics Security console and the Microsoft Dynamics GP Web Service Exception Management console, a user must be assigned to the required roles and permission.
28
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
PART 3: SECURITY
Part 3: Security
This portion of the documentation provides detailed information about managing security for the Web Services for Microsoft Dynamics GP. The following items are discussed: Chapter 6, Web Services Security, explains how to configure and control security access for the Dynamics GP web service. Chapter 7, Policy, describes how policy is used to control web service operations. Chapter 8, Authentication Methods, describes how to control what authentication method is used for the web services.
30
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 6:
Overview
The Microsoft Dynamics Security Service provides security features for various Microsoft Dynamics applications and features, such as Web Services for Microsoft Dynamics GP. The Microsoft Dynamics Security Service controls access to the operations that can be performed by users of the Dynamics GP web service.
Security Administrator
The Security Administrator uses the Microsoft Dynamics Security Console to configure which users have access to web service operations. A user must be designated as a Security Administrator in order to access the Microsoft Dynamics Security Console and configure security settings. The user who initially installed Web Services for Microsoft Dynamics GP is automatically a Security Administrator. To designate which users will be Security Administrators for the Microsoft Dynamics Security Service, complete the following steps: 1. Select the Microsoft Dynamics Security node. In the left pane of the Dynamics Security Console, select the Microsoft Dynamics Security node. 2. Choose to define Security Administrators. In the Action menu, choose Define Security Administrators. The Security Administrators window will appear. 3. Add or remove users. Click Add to select additional users to become Security Administrators. To remove current users, select them in the list and click Remove. 4. Close the Security Administrators window. Click OK to close the window and save your changes.
Selecting applications
Before you can control security settings, you must select the applications that you want to administer security for. To select applications, complete the following steps: 1. Select the Microsoft Dynamics Security node in the left pane of the Dynamics Security Console.
INSTALLATION
AND
ADMINISTRATION
GUIDE
31
PA RT
S E C U R I T Y
2. Choose to select applications to administer. In the Action menu, choose Select Applications. The Select Applications window will appear.
3. Select the Security Administration Service. This is the web service that controls administration for the Microsoft Dynamics Security Service. 4. Mark the applications to administer security for. The available applications for the selected security administration service will be listed. For example, mark the Dynamics GP Web Services application to configure security settings for it. 5. Close the Select Applications window. Click OK to close the window and save your changes.
Administering security
As you configure security settings with the Dynamics Security Console, its important to understand when those changes will become effective. To improve the performance of the Microsoft Dynamics Security Service, the various security settings for each application are cached. This cache is refreshed by default every 20 minutes. When you make changes to the security settings, the changes will not become effective until the cache is refreshed. This could be up to 20 minutes from the time the changes are made. The web services administrator can change the cache refresh interval to a lower value (with a minimum of 5 minutes) by editing the configuration for the application. For example, to change the cache timeout for the Dynamics GP web service, you would edit the web.config file for this application, typically found at the location: C:\Program Files\Microsoft Dynamics\GPWebServices\WebServices\web.config The following key would be added to the <appSettings> section of this configuration file: <add key= AzManCacheRefreshInterval value=300000/> The interval is specified in milliseconds, so divide by 60,000 to see the time in minutes. The previous setting will set the interval to the minimum 5 minutes.
32
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A PT E R
W EB
S E R V I C E S
S EC U R I T Y
Tasks
Operations are the individual actions that can be performed by the application for which security is being configured. For instance, the web service operations that can be performed by the Dynamics GP web service are displayed as operations in the Dynamics Security console. Tasks provide a way to group related operations together. A task can contain the following: Individual operations Other tasks
Predefined tasks
Applications typically have several tasks already defined for them. For instance, the Dynamics GP Web Services application has the View Commissions task defined. This task contains the Query Salesperson Commissions and View Salesperson Commissions operations. One predefined task has special importance. The View Company Information task contains all of the operations needed to interact with the Dynamics GP web service. This task is automatically assigned to every role that is created. Its important that you dont remove any operations from the View Company Information task. Doing so could prevent users from accessing the Dynamics GP web service.
Creating tasks
You can create additional tasks to manage security access within an application. To create a new task, complete the following steps: 1. Select the Tasks node in the left pane of the Dynamics Security Console. 2. Choose to create a new task. In the Action menu, choose New. The New Task window will appear. 3. Name the task. 4. Provide a task description. The description will be displayed in the Actions pane when you select the task in the Dynamics Security Console. 5. Select the keyword for the new task (optional). The keyword indicates in what area of Microsoft Dynamics the task applies. 6. Add operations or other tasks to the new task. Click the Add button to display the Add Task Definition window. Use this window to select the individual operations and other tasks you want to include in the new task. Click OK to add the operations and tasks.
INSTALLATION
AND
ADMINISTRATION
GUIDE
33
PA RT
S E C U R I T Y
7. Save the task definition. Click OK to save the new task definition.
Modifying tasks
You can modify tasks that have already been created for an application. To modify a task, complete the following steps: 1. Select the Tasks node in the left pane of the Dynamics Security Console. 2. Select the task you want to modify. 3. Choose to modify the task. In the Action menu, choose Properties. The properties for the task will be displayed. Make the necessary changes to the task and click OK to save them.
Copying tasks
You can create a new task by starting with a copy of an existing task. This is useful when the new task has many characteristics that are the same as those of an existing task. To copy a task, complete the following steps: 1. Select the Tasks node in the left pane of the Dynamics Security Console. 2. Select the task you want to copy. 3. Choose to copy the task. In the Action menu, choose Copy. The Copy Task window will be displayed. Make the necessary changes to the new task and click OK to save them.
Deleting tasks
To delete a task, complete the following steps: 1. Select the Tasks node in the left pane of the Dynamics Security Console. 2. Select the task you want to delete. 3. Choose to delete the task. In the Action menu, choose Delete. A dialog will be displayed, asking you whether you want to delete the task. Click Yes to delete the task, or No to cancel the delete operation.
34
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A PT E R
W EB
S E R V I C E S
S EC U R I T Y
Roles
A role contains a set of operations, tasks, or other roles. Roles are used to group together the actions that can be performed by users who will be assigned to the role.
Predefined roles
Applications typically have several roles already defined for them. For instance, the Dynamics GP Web Services application has the Sales Representative role defined. This role contains tasks that would be performed by somebody assigned to this role, such as Manage All Sales Transactions and Manage Customers.
Creating roles
You can create additional roles to manage security access within an application. To create a new role, complete the following steps: 1. Select the Roles node in the left pane of the Dynamics Security Console. 2. Choose to create a new role. In the Action menu, choose New. The New Role window will appear. 3. Name the role. 4. Provide a role description. The description will be displayed in the Actions pane when you select the role in the Dynamics Security Console. 5. Add tasks, operations, or other roles to the new role. Click the Add button to display the Add Role Definition window. Use this window to select the individual tasks, operations, and other roles you want to include in the new role. Click OK to add the selected items.
INSTALLATION
AND
ADMINISTRATION
GUIDE
35
PA RT
S E C U R I T Y
Every role created will automatically include the View Company Information task. The operations in this task are required for users assigned to the role to use the Dynamics GP web service. Dont delete operations from this task. 6. Save the role definition. Click OK to save the new role definition.
Modifying roles
You can modify roles that have already been created for an application. To modify a role, complete the following steps: 1. Select the Roles node in the left pane of the Dynamics Security Console. 2. Select the role you want to modify. 3. Choose to modify the role. In the Action menu, choose Properties. The properties for the role will be displayed. Make the necessary changes to the role and click OK to save them.
Copying roles
You can create a new role by starting with a copy of an existing role. This is useful when the new role has many characteristics that are the same as those of an existing role. To copy a role, complete the following steps: 1. Select the Roles node in the left pane of the Dynamics Security Console. 2. Select the role you want to copy. 3. Choose to copy the role. In the Action menu, choose Copy. The Copy Role window will be displayed. Make the necessary changes to the new role and click OK to save them.
36
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A PT E R
W EB
S E R V I C E S
S EC U R I T Y
Deleting roles
To delete a role, complete the following steps: 1. Select the Roles node in the left pane of the Dynamics Security Console. 2. Select the role you want to delete. 3. Choose to delete the role. In the Action menu, choose Delete. A dialog will be displayed, asking you whether you want to delete the role. Click Yes to delete the role, or No to cancel the delete operation.
INSTALLATION
AND
ADMINISTRATION
GUIDE
37
PA RT
S E C U R I T Y
2. Select the group you want to modify. 3. Choose to modify the group. In the Action menu, choose Properties. The properties for the enterprise level group will be displayed. Make the necessary changes to the group and click OK to save them.
38
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A PT E R
W EB
S E R V I C E S
S EC U R I T Y
3. Name the group. 4. Provide a group description. The description will be displayed in the Actions pane when you select the application level group in the Dynamics Security Console. 5. Add members to the group. Display the User Members or Group Members tabs to add individual users or other groups to the group being created. 6. Save the application level group definition. Click OK to save the new application level group definition.
INSTALLATION
AND
ADMINISTRATION
GUIDE
39
PA RT
S E C U R I T Y
Role assignments
A role assignment consists of the following: A role (with its associated tasks and operations) A company or companies A user or group for which access is being granted
When the role assignment is created, the users or groups of users will have access to the items in the role for the specified company or companies.
40
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 7:
Policy
The policy system for the Dynamics GP web service allows the web service administrator and the application using the web service to control how business objects are created, updated, or deleted. The following items are discussed: Overview Editing a policy instance Creating a new policy instance Deleting a policy instance
Overview
Each create, update, and delete web service operation has a policy object that is passed with the operation. This policy object specifies the set of behaviors for the operation. Each behavior controls one characteristic for the operation being performed. For instance, the policy for the CreateCustomer web method has the behavior named Create Active Behavior. This behavior controls whether the customer being created is set to the active or inactive state. Behaviors are classified as internal or external. An internal behavior is one that can be specified only through the Dynamics Security Console. An external behavior is one that can be specified by the application that is calling the web method and passing in the policy object.
Policy administrator
The policy administrator uses the Microsoft Dynamics Security Console to configure the various policies for the Dynamics GP web service. To manage polices with the Microsoft Dynamics Security Console, a user must be designated as a Security Administrator. The user must also be assigned to the Policy Administrator role. When you assign a user to the Policy Administrator role, the user will be able to manage policies for all companies. Refer to Role assignments on page 40 for details about assigning roles. The user who initially installed Web Services for Microsoft Dynamics GP is automatically a Security Administrator. That user is also assigned to the Superuser role, which has access to the Manage Policies task.
Policy instances
Each company has a set of default policies that are available. There is one default policy for each web service operation that requires a policy. Within a company, additional versions of the policy (with different behavior settings) can be created for each role defined in the Dynamics Security Service. Each of these is called a policy instance. When a web service application retrieves a policy to use, the Dynamics GP web service applies logic to ensure the appropriate policy instance is returned. Applications that call the Dynamics GP web service can specify the role to use for the web service call. If a policy instance exists for that role, it will be used. Developers creating applications that use the Dynamics GP web service are encouraged to not explicitly set the role. Instead, they should let the Dynamics GP web service find what role the user of the application is assigned to, so the correct policy instance can be used. Be aware that the Dynamics GP web service will set the role for a user only if the user is assigned to a single role. If the user is assigned to more than one role, the role wont be set, and the default policy instance will be used. For this reason, its a good idea to limit the number of roles you assign a user to.
INSTALLATION
AND
ADMINISTRATION
GUIDE
41
PA RT
S E C U R I T Y
6. Edit the individual behaviors. Select a behavior in the list. The details of the behavior will be displayed. Use the Behavior Option drop-down list to specify the behavior option that you want to use.
42
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
P O LI C Y
Some behavior options allow you to supply a specific value that will be used, such as a transaction date. If you select one of these behavior options, the Set Parameters button will become active. Click this button to open the Set Parameters window. In the Parameter Value column, supply the value to use for the parameter and click OK.
7. Save the changes. When you have finished making changes to the behaviors, click OK to save the policy instance.
INSTALLATION
AND
ADMINISTRATION
GUIDE
43
PA RT
S E C U R I T Y
44
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 8:
Authentication Methods
As the administrator of the Web Services for Microsoft Dynamics GP, we encourage you to take the steps to fully secure them. This includes specifying the authentication mode used when accessing the web services. The following items are discussed: Supported authentication methods Enabling Kerberos for the web services Registering the SPN
Enabling Kerberos
To enable Kerberos for the web services, complete the following procedure: 1. Open a command prompt. In the Start menu, choose Run. Type cmd and click OK. 2. Set the working directory. The the working directory to the following location: C:\inetpub\adminscripts The configuration script you need to run is located here.
INSTALLATION
AND
ADMINISTRATION
GUIDE
45
PA RT
S E C U R I T Y
3. Find the virtual server ID numbers. Open Internet Information Services Manager. View the web site on which the web services are installed. the virtual server ID number is listed in the Identifier column.
4. Enable Kerberos authentication for the Dynamics GP web service. To enable Kerberos authentication for the Dynamics GP web service, type the following command at the command prompt, replacing ## with the virtual server ID you found in the previous step:
cscript adsutil.vbs set w3svc/##/ROOT/DynamicsGPWebServices/ NTAuthenticationProviders "Negotiate,NTLM"
5. Enable Kerberos authentication for the Dynamics Security web service. To enable Kerberos authentication for the Dynamics Security web service, type the following command at the command prompt, replacing ## wih the virtual server ID you found earlier:
cscript adsutil.vbs set w3svc/##/ROOT/DynamicsSecurityService/ NTAuthenticationProviders "Negotiate,NTLM"
6. Reset IIS. For the changes to take effect, you must reset IIS. Do this by typing the following command at the command prompt:
iisreset
Disabling Kerberos
To disable Kerberos for the web services and return to NTLM authentication, complete the previous procedure, but specify the NTLM authentication method. For example, the following command sets the Dynamics GP web service to use NTLM authentication:
cscript adsutil.vbs set w3svc/##/ROOT/DynamicsGPWebServices/ NTAuthenticationProviders "NTLM"
46
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
A U TH E N TI CA TI O N
M E T HO D S
If these conditions are true, you must have the Domain Administrator register the SPN for the domain account. To do this, complete the following steps: 1. Obtain the SetSPN.exe command-line tool. To obtain this tool, go to the following location: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/ setspn-o.asp 2. Open a command prompt. In the Start menu, choose Run. Type cmd and click OK. 3. Use the SetSPN.exe tool to register the machine name and user. To do this, enter the following command:
setspn -A HTTP/ServerName Domain\UserName
Replace ServerName with the machine name on which web services are being run. Replace Domain and UserName with the domain and name for the user account under which web services are being run. 4. Use the SetSPN.exe tool to register the fully-qualified machine name. To do this, enter the following command:
setspn -A HTTP/ServerName Domain\UserName
Replace ServerName with the fully-qualified domain name (FQDN) of the machine on which web services are being run. (You can find this name in the properties for My Computer.) Replace Domain and UserName with the domain and name for the user account under which web services are being run.
INSTALLATION
AND
ADMINISTRATION
GUIDE
47
48
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
50
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 9:
Troubleshooting
If you encounter problems with the Web Services for Microsoft Dynamics GP, the following sections may be helpful. They describe some of the most common situations that can occur while running the web services. The following items are discussed: Exceptions Web service does not respond Security Policy
Exceptions
The following are common exceptions that may occur when applications are working with the Dynamics GP web service:
INSTALLATION
AND
ADMINISTRATION
GUIDE
51
PA RT
R U N N I N G
T H E
W E B
S ER V I C E
Extensions
Applications that access the Dynamics GP web service may have extensions that you needed to install. These web service extensions require changes to the BusinessObjectsFile.config (in the Dynamics GP web service installation) to register the extension for a web service event. If the edit creates an error in the contents of the configuration file, the web service may no longer respond. Always make a backup copy of the BusinessObjectsFile.config prior to editing the file. Store the copy to a safe location. Use the backup copy to restore the web service if problems occur. If changes to the BusinessObjectsFile.config prevent a web method from responding, open the Exception Management Console to identify the source of the error. Edit the BusinessObjectsFile.config to correct the specified error. Restart Internet Information Services (IIS) to ensure the changed BusinessObjectsFile.config is used.
Security
The following is a list of issues associated with the Dynamics Security Administration service:
52
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
TR O U B L E S H O O T I N G
Policy
The following is an issue that occurs when using policies with the Dynamics GP web service:
INSTALLATION
AND
ADMINISTRATION
GUIDE
53
54
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 10:
Types of events
The Dynamics GP web service can log the following events: Success These are requests to perform operations in Dynamics GP web service that were allowed by the current security settings. Its most useful to log these events when youre trying to assess the level of activity for the Dynamics GP web service. Fail These are requests to perform operations in the Dynamics GP web service that were denied by the current security settings. Its most useful to log these events when your trying to track unauthorized activity for the Dynamics GP web service.
Configuring logging
To enable logging, you must adjust some settings in the web.config file for the Dynamics GP web service. This file is typically found at this location: C:\Program Files\Microsoft Dynamics\GPWebServices\WebServices\web.config Using a text editor, open the web.config file for the Dynamics GP web service. In the <appSettings> section of the file, you will see the keys that control logging.
Events to log
To specify which types of events to log, set the following key: <add key ="SecurityRuntimeAuditLogType" value="SuccessFail"/> The following table shows the possible values for this key:
Value
Success Fail SuccessFail
Description
Log only successful access attempts. Log only failed access attempts. Log both successful and failed access attempts.
INSTALLATION
AND
ADMINISTRATION
GUIDE
55
PA RT
R U N N I N G
T H E
W E B
S ER V I C E
Log location
To specify the location of the log, set the following key: <add key ="SecurityRuntimeAuditLogFolder" value="C:\Program Files\Microsoft Dynamics\GPWebServices\LogFiles"/> The user that the Dynamics GP web service application pool is being run as must have write access to the location that you specify.
Example log
The following shows a portion of a security audit log that was logging both successful and failed access attempts.
<!--------------------------------------------------------------------------------------------> <!-- SecurityRuntimeService: created on 2006-04-21 16:45:53Z --> <log action='CheckAccess' operation='View Customers' member='HORIZON\kberg' result='Success' datetime='2006-04-21 16:45:55Z'> <context user='HORIZON\kberg' type='Scope'> <application name='Dynamics GP Web Services' key='25cc1a21-2cc4-4b13-a1c8-eea186fb688a' /> <scope name='TWO' key='-1' /> </context> </log> <log action='CheckAccess' operation='View Vendors' member='HORIZON\mallen' result='Fail' datetime='2006-04-21 16:48:28Z'> <context user='HORIZON\mallen' type='Scope'> <application name='Dynamics GP Web Services' key='25cc1a21-2cc4-4b13-a1c8-eea186fb688a' /> <scope name='TWO' key='-1' /> </context> </log> <!-------------------------------------------------------------------------------------------->
Configuring logging
By default, the logging for te Dynamics Security Admin web service is enabled. To configure the logging, you must adjust some settings in the web.config file for the Dynamics Security Admin web service. This file is typically found at this location: C:\Program Files\Common Files\Microsoft Shared\Microsoft Dynamics\Security Admin Service\WebServices\web.config Using a text editor, open the web.config file for the Dynamics Security Admin web service. In the <appSettings> section of the file, you will see the keys that control logging.
56
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
1 0
L O G G I N G
A N D
A U D I T I N G
Log location
To specify the location of the log, set the following key: <add key="SecuritySetupAuditLogFile" value="C:\Program Files\Common Files\ Microsoft Shared\Microsoft Dynamics\Security Admin Service\Logfiles\ SecuritySetupAudit.log" />
Example log
The following shows a portion of a security setup audit log that shows a security change that was made to assign a user to a role.
<log action='Create' type='RoleAssignment' name='Sales Representative' datetime='2006-05-01 18:22:33Z'> <context user='HORIZON\kberg' type='Application'> <application name='Dynamics GP Web Services' key='25cc1a21-2cc4-4b13-a1c8-eea186fb688a' /> </context> <values> <fieldValues key='aaeb72e0-77f9-4925-ab9a-73012417fb37' /> <members> <member value='HORIZON\mallen' /> </members> </values> </log>
INSTALLATION
AND
ADMINISTRATION
GUIDE
57
58
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 11:
Making Backups
Web Services for Microsoft Dynamics GP is an important component of the Microsoft Dynamics GP installation. It should be included in the standard backup strategy you use to create backups for the accounting system. The following sections describe the specific areas you should consider: SQL tables ADAM database Web service installation
SQL tables
Web Services for Microsoft Dynamics GP stores data in several tables managed by the SQL Server. Several tables are found in the system (DYNAMICS) database, while other tables are found in each companys database. When you create backups of these databases, the information in these tables should be included. They contain setup information for the web services, policy configurations, and exception information.
ADAM database
The ADAM database used by the Dynamics Security Services stores most of the security settings for the web services installation. You should create a backup for this database, to avoid having to re-create the security settings you have made. The ADAM database file, Adamntds.dit, and the associated log files are found in Program Files\Microsoft ADAM\DynamicsSecurityService\Data. These files should be included as part of the regular backup plan of your organization. You can back up the directory stores using any standard backup program, such as the Backup Utility for Windows.
Restoring ADAM
When you restore a database to an existing ADAM instance, you must stop the ADAM instance before you run the restore operation. In addition, it is recommended that you move (or delete) the existing database and log files from the ADAM instance before beginning the restore operation. Refer to the ADAM online help for details about performing these management tasks.
Authoritative Restore
If objects in the directory are inadvertently deleted or modified, and if those objects are replicated in a configuration set, you must authoritatively restore those objects so that the correct version of the objects is replicated. To authoritatively restore directory data, run the dsdbutil.exe utility (an ADAM command-line utility) after you have restored the data but before you restart the ADAM instance. With dsdbutil, you can mark directory objects for authoritative restore. When an object is marked for authoritative restore, its metadata version number is changed so that the number is higher than any other metadata version number in the configuration set. This ensures that any data you restore is properly replicated throughout the configuration set.
INSTALLATION
AND
ADMINISTRATION
GUIDE
59
PA RT
R U N N I N G
T H E
W E B
S ER V I C E
Typical location
C:\Program Files\Microsoft Dynamics\GPWebServices\ WebServices C:\Program Files\Microsoft Dynamics\GPWebServices\ WebServices\Bin
Description
This configuration file contains configuration information for the Dynamics GP web service. This file contains the events that are registered for the Dynamics GP web service, including those added for third-party extensions to the web service. This configuration file for the Dynamics Security Administration web service includes the list of users who are Security Administrators. This configuration file for the Dynamics Security web service includes setup information for Dynamics Security.
BusinessObjectsFile.config
web.config
C:\Program Files\Common Files\Microsoft Shared\Microsoft Dynamics\Security Admin Service\ Web Services C:\Program Files\Common Files\Microsoft Shared\Microsoft Dynamics\Security Service\WebServices
web.config
60
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 12:
INSTALLATION
AND
ADMINISTRATION
GUIDE
61
PA RT
R U N N I N G
T H E
W E B
S ER V I C E
3. Create the connection string. Click the lookup button to open the Data Link Properties window. Specify the server name and the database name used for the new company.
Test the connection, and then click OK to create the connection string. Click Next to continue. 4. Begin the installation. Click Install to begin installing eConnect for the new company.
After eConnect support has been added to the company, click Finish. 5. Close the wizard. Click Finish to close the wizard.
62
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
1 2
A DD IN G
A D DI TI O N AL
C O M P A N IE S
2. Install an additional company. Click Install Additional Company. 3. Specify the database and SQL login information. Specify the SQL Server that is managing data for the Dynamics GP installation. The installation program must connect to this database to complete the installation for the new company. You can use Windows Trusted Authentication or SQL Authentication (supplying the Administrator login ID and password). Click Next to continue. 4. Start the installation. Click Install to begin installing web services for the new company. 5. Finish the installation. Click Finish to complete the installation.
INSTALLATION
AND
ADMINISTRATION
GUIDE
63
64
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Chapter 13:
Repair options
The basic repair routine for Web Services for Microsoft Dynamics GP will reinstall the files needed, re-create basic configuration information, and repair any registry settings. Essentially, the installation will be in the same state it was immediately after it was initially installed. When performing a repair operation, two additional options are available: You can re-create the items used for exception management. Doing so will delete any previous exception information that was logged by the Dynamics GP web service. You can choose to reload default security items, such as roles and tasks. If you choose this repair option, all of your existing security settings will be lost. Use this option only if you are certain you want to rebuild security data.
Repair procedure
To repair the Web Services for Microsoft Dynamics GP installation, complete the following steps: 1. Modify the Web Services for Microsoft Dynamics GP installation. In Add or Remove Programs, choose Web Services for Microsoft Dynamics GP and click Change. The program maintenance options will be displayed.
INSTALLATION
AND
ADMINISTRATION
GUIDE
65
PA RT
R U N N I N G
T H E
W E B
S ER V I C E
3. Choose the repair options. If you want to re-create or re-load any of the exception management or security data, mark the corresponding options. Click Next to continue. 4. Specify the location of the Microsoft Dynamics GP data. In the Server Name field, supply the name of the machine that is running SQL Server and managing the data for Microsoft Dynamics GP. The installation program must connect to this database to complete the repair operation. You can use Windows Trusted Authentication or SQL Authentication (supplying the Administrator login ID and password).
Click Next to continue. If the database connection cannot be made, an error will be displayed. Correct the issue and continue. 5. Specify the application account. Typically, you will enter the account that you created while performing the initial installation of Web Services for Microsoft Dynamics GP. If the installation of Web Services for Microsoft Dynamics GP is on a different machine than the SQL Server used to manage Microsoft Dynamics GP data, this must be a domain user account. If you are repairing an installation on the same machine as the SQL Server, it can be a local machine account. This case is shown in the following illustration:
If the account you specified has already been added as a user for Microsoft SQL Server, be sure the case for the Domain and User Name match those of the user ID in SQL. Click Next to continue.
66
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
C H A P T E R
1 3
R EP A I R I N G
W E B
S E R V I C E S
6. Start the repair process. Click Repair to start the repair process. The process can be quite lengthy, especially if you have several companies in your Microsoft Dynamics GP installation. 7. Complete the repair process. Click Finish to complete the repair process.
INSTALLATION
AND
ADMINISTRATION
GUIDE
67
68
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Glossary
ADAM
Active Directory Application Mode. A special stand-alone version of Active Directory that is used by the Dynamics Security service to store and manage security information.
eConnect
A set of SQL stored procedures and supporting code used by integrating applications to acccess data in Microsoft Dynamics GP.
SOAP
Simple Object Access Protocol. The XMLbased protocol used to communicate with a web service.
Web reference
A URL that points to the .asmx file that defines the web service.
Web service
A software system that provides data and services to other applications. Web services use standard Internet transport protocols such as Hypertext Transfer Protocol (HTTP) and standard XML-based document formats such as Simple Object Access Protocol (SOAP) to exchange information.
WSDL
Web Service Description Language. The XML-based language used to describe web services.
INSTALLATION
AND
ADMINISTRATION
GUIDE
69
70
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E
Index
A
accounts application account 25 Dynamics GP ADAM account 25 installation account 25 used for Web Services for Microsoft Dynamics GP 25 ADAM backing up for web services 59 defined 69 installation 23 restoring from backup 59 Adding Additional Companies, chapter 61-63 additional companies, adding for web services 61 application account, for web services installation 25 application level groups copying 39 creating 38 deleting 39 described 38 modifying 39 applications developing for web services 2 selecting for Dynamics Security Service 31 ASP .NET, required for web services 15 authentication methods chapter 45-47 for web services 45 Kerberos 45 NTLM 45 verifying method used 47 Authorization Manager, defined 69 AzMan, see Authorization Manager
D
Distributed Transaction Coordinator, see DTC documentation, symbols and conventions 2 DTC configuring 17 described 16 enabling 16 Dynamics GP ADAM account, for web services installation 25 Dynamics GP web service see also web services adding additional companies 61, 63 architecture 9 capabilities 8 configurations 9 for specific companies 18 installation 21 not responding 52 overview 7 policy 41 prerequisites for installing 15 security overview 31 troubleshooting 51 URL for accessing 23 verifying installation 23 Dynamics GP Web Services Exceptions console described 11, 51 illustration 11 Dynamics Security console described 31 illustration 10 Dynamics Security Service administering 32 application level groups 38 cache 32 defined 69 described 10 enterprise level groups 37 overview 31 port used for 28 role assignments 40 roles 35 Security Administrator 31 selecting applications 31 tasks 33 troubleshooting 52
enterprise level groups (continued) deleting 38 described 37 modifying 37 Error Viewer role assigning for all companies 28 described 35 errors, resolving for web service 51 exceptions described 11 list of 51 unhandled system exceptions 51 extensions to web service, troubleshooting 52 external behaviors, described 11
F
failed access events, logging 55
G
groups application level groups 38 enterprise level groups 37
I
IIS, required for web services 15 installation account for web services installation 25 part 14-28 procedure for web services 21 insufficient authorization errors, troubleshooting 51 internal behaviors, described 11 ISO currency codes adding to Microsoft Dynamics GP 19 list of 19 required for web services 19
K
Kerberos authentication described 45 disabling 46 enabling 45 registering the SPN 47
B
backups, making for web services 59 behavior options, parameters for 43 behaviors described 11, 41 editing 42 types 41 benefits, of web services 7
L
light bulb symbol 2 logging configuring Dynamics GP web service 55 Dynamics Security Admin web service 56 Dynamics GP web service access 55 Dynamics Security Admin web service 56 example log 56, 57 Logging and Auditing, chapter 55-57
C
cache, for Dynamics Security Service 32 companies adding eConnect support 61 adding web services support 61, 63 web services for specific companies 18 configurations, for web services 9 conventions, in documentation 2
E
eConnect adding support for additional companies 61 defined 69 described 9 installation 23 encrypting data, using SSL 15 enterprise level groups copying 38 creating 37
M
Making Backups, chapter 59-60
INSTALLATION
AND
ADMINISTRATION
GUIDE
71
IN DEX
management tools accessing 28 installing 27 prerequisites 27 requires roles and permission 28 URLs for 27 Management Tools Installation, chapter 27-28 margin notes 2 Microsoft Dynamics GP, version required for web services 18 Microsoft Dynamics Security Service, see Dynamics Security Service Microsoft Management Console described 10, 18 installing 18 MMC, see Microsoft Management Console
U
unhandled system exceptions 51 URL for Dynamics GP web service 23 for management tools 27 user accounts, see accounts
R
refresh interval, for Dynamics Security Service 32 repair options, for web services 65 repairing web services chapter 65-67 described 65 procedure 65 role assignments adding 40 deleting 40 described 40 roles copying 36 creating 35 deleting 37 described 35 modifying 36 predefined roles 35 special predefined roles 35 Running the Web Service, part 50-67
V
validation errors, resolving for web service 51 verifying web service installation 23 View Company Information, task 33
N
.NET Framework, required for web services 15 NTLM authentication, described 45
O
operating system, required for web services 15
P
parameters, for behavior options 43 policy behaviors 41 chapter 41-44 described 11, 41 overview 41 troubleshooting 53 policy administrator assigning 41 described 41 Policy Administrator role 35 policy instances creating 43 deleting 44 described 41 editing 42 port, for Microsoft Dynamics Security Administration service 28 predefined roles 35 tasks 33 prerequisites .NET Framework 15 ASP .NET 15 chapter 15-19 DTC 16 for web services 15 IIS 15 ISO currency code 19 Microsoft Dynamics GP 18 MMC 18 server operating system 15 user account for installation 18 WMI service 16
warning symbol 2 web reference, defined 69 Web Service Architecture, chapter 9-11 Web Service Basics, part 6-11 web service user account, for Dynamics GP web services 18 web services see also Dynamics GP web service architecture 9 authentication modes 45 backups for 59 S benefits 7 SDK, for Web Services for Microsoft configurations 9 Dynamics GP 2 defined 69 secure sockets layer, using with web described 7 services 15 developing applications for 2 Security, part 30-47 events to be logged 55 Security Administrator files to include in backup 60 described 31 logging events 55 designating users for 31 logging security changes 56 for Microsoft Dynamics Security 28 management tools 27 security service, see Dynamics Security overview 7 Service repairing 65 Service Principal Name, see SPN security for 10 site, used for web services 22 support 3 SOAP troubleshooting 51 defined 69 Web Services Installation, chapter 21-25 described 7 Web Services Security, chapter 31-40 SPN, registering 47 web site, used for web services 22 SQL tables, backing up for web services 59 Windows Management Instrumentation SSL, using with web services 15 service 16 successful access events, logging 55 WMI service 16 Superuser role 35 WSDL, defined 69 support, for Microsoft Dynamics GP web services 3 symbols in documentation 2
T
tasks copying 34 creating 33 deleting 34 described 33 modifying 34 predefined tasks 33 technical support, for Microsoft Dynamics GP web services 3 troubleshooting, chapter 51-53
72
I N S T A LL AT IO N
A N D
A D M I N I S T R A T I O N
G U I D E