Roles and authorization concept
As an IT manager, you know only too well how quickly data chaos can arise. A simple mistake, careless act , or malicious intent can quickly result in sensitive data being viewed or tampered with .
The consequences of this can be dramatic: fines, contractual penalties or even the loss of business partners and customers . You know it's your job to minimize these risks and create a secure environment for your company's data.
A role and authorization concept that ensures authorized access to IT systems and data helps here. Your goal is to be compliant and to be able to present documentation to your auditor at the next audit .
Typically, you use the roles and authorizations to control the order limits and releases when purchasing and the authorized changes to all master data such as e.g. B. customer, vendor or article master data.
In this blog post, you will learn how you can set up a role and authorization concept in Business Central to be on the safe side for the next audit .
Roles in Business Central
There are different roles in Business Central that grant users access to specific functions and data. Depending on the role, the role center, the user interface, is adapted to the role and only the tiles, lists and actions that the user needs in his role are displayed.
Each role includes predefined permission sets and access. A basic distinction is made in BC between standard roles and user-defined roles
The Business Central standard has the following predefined roles:
The role center of the managing director gives a comprehensive overview of the most important key figures such as B. the sales in the current month, the total amount of overdue sales invoices and outstanding purchase invoices.
Furthermore, the managing director can see at a glance the number of current offers, orders and purchase orders.
- Assessment by Managing Directors
- service manager
- Sales order processing
- production manager
- project manager
- Marketing and Sales Manager
- Administration of users, security groups and permissions
- warehouse manager
- Shipping and goods receipt
- team member
- Warehouse worker - warehouse management system
Custom roles are customized and can be tailored to a company's specific needs.
Manage Roles & Permissions
Store a profile for greater user-friendliness
Eliminate frustration and inefficient workflows by increasing the usability in BC. Give your users the right tool for day-to-day operations with profiles .
Profiles in Business Central are a way to customize the user interface and work environment for users. This is where you control which relevant features and pages users should see .
Profiles not only increase user navigation speed , they improve security by restricting access to features and data to a specific group of users.
Here you will find a short working aid on how you can store profiles for the user in Business Central.
Security groups with Microsoft Entra ID (formerly Azure Active Directory)
Imagine you are a bouncer and your job is to make sure only certain people come through the door. Security groups in Business Central are like a guest list, allowing you to decide who has access to which areas.
The Microsoft Entra ID is like an ID that every guest carries with them. By linking security groups in Business Central to the former Azure AD, users can be automatically assigned to specific groups based on their Microsoft identity .
This connection simplifies the management of user accounts and access rights in Business Central and enables effective integration with other cloud-based applications and resources. It's like a bouncer reading the guest list with a scanner to ensure only authorized people get through the door.
By using security groups and Microsoft Entra ID (formerly Azure Active Directory), organizations can better meet their security and compliance needs .
Entra ID enables organizations to centrally manage identity and access management and ensure a unified , secure identity for all cloud-based applications and resources.
This provides greater security and control over access to corporate data and applications. In addition, companies can automatically assign the Business Central license to members of the security group. By assigning the license at the group level , companies can reduce the administrative burden by not having to set up users individually.
Continue reading: Creating Security Groups in Business Central
Add Permission Sets
You can add not only members to security groups in BC, but also specific permission sets.
Field Security Matrix
In addition to the authorization sets, you have the option of defining access rights to specific fields in a table via the field security setup and matrix in BC.
This feature can help restrict access to confidential or sensitive data, reducing the risk of data misuse or loss .
For example, you can use field security to restrict access to sensitive financial data, such as bank account numbers or credit card information.