It is no surprise that organizations need to have reliable user controls in place for systems that house valuable information and sensitive data. There are many reasons for ensuring robust user security and management which we will dive into later, one of which is the ability to deter employee fraud. Employee theft is, unfortunately, a prevalent occurrence across organizations and industries. This is a longstanding challenge that businesses have had to face on a regular basis. These days, since computer systems play such a vital role in work, organizations are at an increased risk of both physical and virtual theft. Fraudulent timesheets, fraudulent expense reports, mismanagement of funds, and vendor billing issues are common breaches to name a few. Such risks can be reduced with effective user management in Dynamics 365 Business Central.
Why is Effective User Management So Important in Dynamics 365 Business Central?
Effective user management not only elevates the user experience for every user, but it also safeguards sensitive customer information. By controlling user access on a region-by-region basis, organizations can further limit the reach to a corresponding geographical area.
By limiting users’ access to only information that is relevant to them and blocking all other data, you can boost security and improve the user experience when it comes to findability.
On top of all that, securing sensitive information allows organizations to stay compliant and can help when it comes to meeting requirements for external regulatory bodies. In addition, there is a lower risk of a data breach, as limited access is granted to any sensitive information within the organization.
While all this is beneficial, you can also take things up a notch and gain even greater control over user access in Dynamics 365 Business Central with the Advanced Cloud Security App by EFOQUS.
Out of the Box User Security in Dynamics 365 Business Central
Before we jump into the Advanced Cloud Security App, we first need to understand the out-of-the-box (OOTB) user security available in Dynamics 365 Business Central.
The standard OOTB security permissions start outside of Dynamics 365 Business Central as they depend primarily on your license. Right now, Dynamics 365 Business Central is split into two worlds, the on-premises, and the cloud. The on-premises security permissions depend on what you have access to and when you came on board. In the cloud, you can either be an essential user or a premium user, but not a mix of the two, and that is how your team membership level is determined. A team member has a specific license to read and modify access to most of the application, but they can also have insert and create access to very specific actions, such as creating a quote, creating a timesheet, doing approvals, etc.
With Dynamics 365 Business Central version 18, Microsoft introduced a translation layer between the two worlds: entitlement. So, from the licenses, we get entitlement to the system, and from that entitlement, we can then assign user permissions. To simplify matters, we can say that licenses apply to the entire system, and then with entitlement and permissions, we can narrow down the capabilities to smaller subsets and define a set of objects inside Dynamics 365 Business Central. Everything inside Dynamics 365 Business Central is an object, such as a table in the database, a page on the screen, or a generated report. These objects can be assembled into what is known as a ‘permission set’, controlling who gets access to what.
The OOTB capabilities in Dynamics 365 Business Central allow you to assign profiles/roles and permission sets by individual users or user groups. The more targeted your user security is, the more control you will have over your data. The Dynamics 365 Business Central environment comes with 74 pre-configured permission sets and 45 pre-configured profiles/roles to help with this.
It is important to know that all users in Dynamics 365 Business Central must be assigned one or more permission sets, and by creating user groups you will have better control along with the power to simplify user management altogether.
Achieve More in Dynamics 365 Business Central with Advanced Cloud Security
So far, we have understood that with OOTB security features, organizations can have a narrowed down and targeted approach to user management in Dynamics 365 Business Central. But with the Advanced Cloud Security App by EFOQUS, you can enable unparalleled granularity and control within your environment.
The Advanced Cloud Security App acts as a companion to the OOTB functionalities of Dynamics 365 Business Central, and some of the most noteworthy features of the application include but are not limited to:
- Increased Control for Admins: Administrators exercise full control over who has access to what in Dynamics 365 Business Central.
- Ability to bundle Security Features: By packaging filters into security features, you have the flexibility to assign them based on users, user groups, or even permission sets.
- Elevated user control and experience: The app simplifies which users can access sensitive data in Dynamics 365 Business Central.
- Localized access: With the Advanced Cloud Security App you can regionalize user access. You can segregate users into user groups and limit access by region.
- Enhanced Information Security: Minimize the chance of security breaches and cyber threats by locking down and safeguarding sensitive information.
In the Advanced Cloud Security App, you can further fine-tune security functionalities. These security features allow you to unlock more precise capabilities in four distinct areas:
1. Field Control: Full control over which users can/cannot access or edit a particular field in Dynamics 365 Business Central.
In the Advanced Cloud Security App, when we set up security features, we can alter access on a field-by-field basis. Thus, as in the screen below, we control the Address in the Customer Table to be disabled, no matter which page it shows upon. But at the same time, we can also provide read-only access to the City field in the customer table on any page.
Additionally, the Advanced Cloud Security app works well with customized objects, third-party apps, and will work with any element within the system.
2. Page Control: Specify if a control (i.e., a non-field) on a Dynamics 365 Business Central page should be visible or not to specified users.
You can simply select a page in Dynamics 365 Business Central and select any control that appears on that page to modify the level of access. In the screen below, we can see that we have hidden the control Balance Due on the Customer Card page.
3. Action Control: Specify if an action in the Dynamics 365 Business Central action bar should be enabled or not for users.
You need to remember that menu items are considered ‘actions’. In the security features, you can look up actions and their captions as shown below.
By choosing Action76, we are disabling access to Statistics on the Customer Card page.
4. Data Access Filter Control: Apply a dynamic filter whenever a specified table is accessed in Dynamics 365 Business Central. In the example below, we are filtering the Customer table on the Customer Posting Group.
As you can see, the “$UF_31$” is a code for a defined setup that allows you to cater to a wide area of user groups without replicating the setups.
A remarkable thing about the Advanced Cloud Security App is that you can have multiple features for one ID. In the image below, we see that we have two features configured as items – ITEM and ITEM SENIOR. In the case of special entities that get both security features applied to them, since ITEM SENIOR has a higher priority, it will override ITEM.
Assigning Security Features in Dynamics 365 Business Central with the Advanced Cloud Security App
The Advanced Cloud Security App provides great flexibility when it comes to assigning set security features to users. You have the power to bundle filters into a security feature that can be applied to a specific user, user group, or permission set:
1. User Setup: Through user setup, you can choose to assign security to individual users in your environment. Here we see that user EH has the security feature of CUSTOMER applied to them.
2. User Group Setup: In this case, you can assign security features to groups of users.
3. Permission Set Setup: Another option that organizations have is to piggyback security features on permission sets. If you are getting permission set out of the regular setup, you can have a security feature attached to it.
It is completely up to you to determine what strategy to use to assign the features to your users.
Moreover, just like in the OOTB setup, you can also monitor effective security on a single user in the Advanced Cloud Security App.
See The Security Features in Action
There is an example of what it would look like if your above-mentioned configurations were set accurately. Going into one of the customers, we see that the Address is disabled (greyed out), the City is read-only, and we do not see the Balance Due Field as it was hidden. In addition to that, we see that the Statistics action is also disabled.
See how the Advanced Cloud Security App can improve user management and the user experience in Dynamics 365 Business Central platform by watching our webinar: The Key Ingredient to Enhance User Security in Dynamics 365 Business Central, now available on-demand!
Exhale Deeply with the Advanced Cloud Security App
The Advanced Cloud Security App provides you with the power to enable enhanced user management and control by generating code behind the scenes! The app was developed with simplicity in mind and is designed for both Microsoft Partners to implement it for their customers as well as organizations to implement it themselves for end-users. It is safe to say that the App has a very do-it-yourself approach and comes with comprehensive training videos that guide you every step of the way. But fret not, EFOQUS offers support to help you get the Advanced Cloud Security app up and running in no time and the app is available for both Dynamics 365 Business Central cloud and on-premises, version 16 and above.
You can make use of the application on a subscription basis, for only $1000 USD per year without worrying about the number of seats and user groups. This charge includes your two sandboxes and the live production environment. On top of that, even though the application is not CFR21 compliant, we do believe that it can help in supporting some of the requirements from CFR21.