“Now, ya’ll would guess that more often than not, the highest paid player on an NFL team is the quarterback. And you’d be right. But what you probably don’t know is that more often than not, the second highest player is [the] left tackle.”
Sandra Bullock from The Blind Side describes the left tackle in NFL as the team’s insurance. The role allows the quarterback to perform at their best by protecting their blind side.
“The first cheque you write is for the mortgage, but the second is for the insurance.”
So, what does this mean in the context of Dynamics 365 Business Central? Well, it’s easy to focus on the juicy new features that are implemented in any new project. But without the right controls in place, functionality can be misused, and the data misrepresented.
As such, Fenwick consultants will always dedicate time to proper role centre & security setup as a part of any implementation. This covers the following areas:
Security setup in Dynamics 365 Business Central is broken down into 3 levels. When a user is assigned a user group or permission set, they inherit the superset of all attached permissions.
- User groups – defines a practical user role, such as accountant or sales. A user group contains multiple permission sets
- Permission sets – a group of permissions which covers a function (i.e. reading the chart of accounts, or creating sales orders)
- Permissions – specifies whether a user can read/modify/insert/delete individual tables in the database
If you don’t want to restrict your users from accessing certain tables but would like to maintain a level of accountability for changes made, the Change Log can be utilised to keep a timestamp of changes made. Change Logs can be setup per field, so it can be configured to only record the modification of important information, such as a customer’s posting setup or payment details.
Users in Business Central are assigned a profile that gives them access to a Role Centre. This controls the pages that the user can access from their home screen and can be customised to only show the pages that are relevant for their role.
Extending on the standard permission functionality, Fenwick has developed Field Security+ as a part of the Fenwick Gold package. This allows field-by-field definition of mandatory/restricted access, with advanced functionality such as allowing only the initial entry. This integrates with Business Central user groups to further enhance usability.
Security can easily be overlooked, which is why I consider it to be the blind side of an implementation. Once cleverly designed, it can be one of the unsung heroes at the heart of your business’ operation.