Microsoft Dynamics 365 Business Center is a powerful enterprise resource planning solution, designed to integrate data and deliver transparency and collaboration across the enterprise.
With so much data in motion, in use and available, companies need to be sure that they have the right policies and procedures in place to manage who has access to what data, to keep data protected at rest and in transit and to uses the tools within the software to set and change permissions as needed.
How Do We Provide Access to Microsoft Dynamics 365 Business Center?
Access begins with determining your list of users. Those users can then be bundled into user groups and provided individual permissions or have sets of permissions applied. Authorized administrators can easily pull up a list of users and see what those users have access to.
The Microsoft solution offers several options for authentication:
- Windows Authentication, which is the most commonly used and draws on the Active Directory listings already in use at your organization to allow for login access
- Business Central Password Authentication, used by organizations that do not use Active Directory for identity management or those that have too many domains in use that make a Windows authentication solution unwieldy
- Office 365 Authentication, which is becoming an increasingly popular option for businesses that have moved to the cloud-based Microsoft Office 365 solution. Your login to Office 365 also logs you into Dynamics 365
Another way to control access is to consider your license type. Based on the licensing agreement, you may have several different user options in order to optimize the user licenses you have:
- Full User (access to everything)
- Limited User (3 tabs or tables per session allowed)
- Device User (For uses such as barcode scanning)
- Windows Groups (Permissions flow through site-defined workgroups in Active Directory)
- External Users (rarely used and typically for systems functions)
How Do You Determine What Each Person or Group Can Access?
Microsoft has introduced a new feature called Effective Permissions, which is located on the user table menu and provides you with details on what each user has access to. For each Object Name for whom the person has access, it will indicate whether the user has permission to read, insert, modify (edit), delete or run the object. Most of the items will indicate a Yes or a No for each function. For some cases, there is an Indirect entry selected, meaning that the user can only deal with the data via a process not directly.
How Can You Build Permissions?
Setting permissions user by user is an unproductive way to control data access. You can bundle permissions in two ways.
Permission Sets are groups of objects that are related to a certain work process, such as posting bank deposits, cash flow or sales and inventory forecasting. You can create permission sets of related objects and then assign those sets to users, allowing you to quickly give access to those working on similar processes. For example, there may be one permission set for those who need to edit bank deposits and another for those who can see bank deposits but not edit them.
These bundles of permissions include a large number of items that are pre-defined and included with the software solution and those that are user-created.
User Groups are bundles of permission sets and are typically used by larger organizations with more complex security needs. They allow the organization to collect groups of permission sets and assign users to those larger groups. User groups are usually not necessary in small organizations and generally are only needed when you have more than 20 users.
How Do We Determine Who Has Access to Which Data?
The key driver behind permission sets and user groups is to separate duties and limit access to those who need to use the information. The goals are to:
- Protect financial data and records
- Hide confidential data
- Prevent fraud by dividing labor
How Can We Manage Roles?
The solution provides a Role Center where Microsoft has pre-defined roles that are common for a particular set of job duties. It allows you to define for each user what systems they can access, languages they will use, The Role Center should conform to your permission sets and user groups to maintain data security.