We have just installed Microsoft Dynamics Great Plains and to our dismay we find that users with admin rights within the application to create new users are assigned the security admin fixed server role. It appears this gives these users (accountants) rights to change the sql server sa password from within the GP application. YIKES!
Can the sa password be protected from being changed by users with the security admin role? These users need to be able to create new server logins, but not change the sa password!
Anyone have this experience with GP? I've seen some articles on this very issue dealing with older versions of GP.