Viewing Your GP Security in SmartList Using a SmartList Builder Setup Guide

If you’ve ever tried to pull a clean report of who has access to what in Microsoft Dynamics GP, you already know the pain. The out-of-the-box security inquiry windows only get you so far, and unless you’re comfortable running the SQL scripts from Microsoft’s old role-based security FAQ, you end up piecing things together by hand.

The good news: if you have SmartList Builder registered, there’s a much easier way. You can import a few pre-built SmartList Builder definitions and view your GP security right inside SmartList—no SQL required.

What You’ll Be Able to See

The download below includes three SmartList Builder exports. Once imported, they’ll give you three new SmartLists:

1. Role Task Assignment Security.xml – Shows the security setup of your roles and the tasks assigned to each one.

2. User Task Security.xml – Shows the tasks each user inherits based on the roles they belong to.

3. User Security Setup.xml – Shows every Window and Report each user has access to.

A quick heads-up: these focus on Windows and Reports. They don’t currently surface SmartLists, Modified Reports/Forms, or some of the newer object types. It’s still one of the fastest ways to audit GP security without writing a single query.

Download the SmartList Exports

Grab MDGP_SLBSecurity Exports.zip, which contains all three XML files:

Download SmartList Exports

Importing the SmartLists into Dynamics GP

Once you’ve unzipped the file, here’s how to get the SmartLists into GP:

1. Log in to Microsoft Dynamics GP as a user with access to SmartList Builder.

2. Go to Microsoft Dynamics GP > Tools > SmartList Builder > Import.

3. Click the folder icon and browse to the XML file you want to import.

4. Run the import. The new SmartList will be available the next time you open SmartList Builder (or SmartList itself).

Repeat for each of the three files.

One More Step: Populate the SY09400 Table

For the SmartLists to actually return the names of the Windows and Reports (instead of cryptic resource IDs), you need to populate the SY09400 Security Resource Descriptions table. This is a one-time step on each company database.

Before you start: make sure you have current backups of your Dynamics system database and your company databases, and have all users log out of GP.

1. Confirm valid backups of the Dynamics and company SQL databases.

2. Get everyone out of Microsoft Dynamics GP.

3. Click Microsoft Dynamics GP, point to Maintenance, and click Clear Data to open the Clear Data window.

4. On the Display menu, click Physical.

5. In the Series list, click System.

6. In the Tables pane, click Security Resource Descriptions, then click Insert.

7. Click OK, then click Yes to confirm.

8. In the Report Destination window, select Screen and click OK to send the report to the screen.

9. Close the report when it finishes.

Despite the menu name, this process doesn’t clear your security data—it rebuilds the resource description table that the SmartLists need to translate IDs into readable names.

A Quick Word on GP’s Future

If you’re still running Dynamics GP, you’ve probably seen the writing on the wall: Microsoft has confirmed end-of-life timelines for GP, with mainstream support winding down and security updates ending in the years ahead. Tools like these SmartLists are still incredibly useful for the work you’re doing today—running clean audits, prepping for SOX or insurance reviews, and keeping role assignments tidy.

They’re also useful if you’re starting to think about what comes next. A clear picture of who has access to what in GP is one of the best inputs you can bring into an ERP evaluation, whether you’re looking at Dynamics 365 Business Central, another cloud ERP, or simply tightening up your current environment. If your team is starting that conversation, we’re happy to help you think it through.

In the meantime—run the export, import the SmartLists, and enjoy not having to write another security script.