After the series of GP Application Level Security topics from David, I thought of just substantiating one point which is also recommended by David.
While upgrading GP from lower versions to v10.0, it is recommended to redesign our User Security Access list instead of carrying forward from the lower versions. For those who ask “Why should I redesign when my Security Access details are already on place in the earlier version and it just needs to be transferred from lower version to current version?”, the reasons are listed below:
1. The security model approach in GP 10.0 is Pessimistic as opposed to the lower versions which are Optimistic.
2. It’s a perfect oppurtunity (as precisely mentioned by David on one of his articles: Information about using v10.0 Security Conversion Tool) to redesign our User Security Access using the new Security Roles and Tasks. While the conversion tool does transfer the existing details, it does not however convert the details to the exact Roles & Tasks. It just do a “Near-Role & Task” conversion, as explained on this article.
3. The new Security System provides us with a set of default Roles & Tasks, which are best suited and completely covers the entire system and its operations. In any case, we still need to re-define the Security Access rights to the 3rd Party features, so that is not considered in this discussion at all. We can leverage our Security Details to the best extent by making use of the new set of Roles & Tasks.
4. Technically, the tasks are CREATED instead of CONVERTED. Means, the old Security Details are recreated on the System tables, which means, unwanted load of Security Data. Which means, we may load our system with too many records which are not exact, but near to what is exact.
There may be a lot of other reasons, but the above is what I could think of at this very moment. I sincerely welcome more points supporting / opposing this.