Every enterprise resource planning (ERP) solution is designed to help improve the consistency, accuracy, and security of your mission-critical data, and Microsoft Dynamics 365 Finance & Operations is no exception. Dynamics 365 F&O is equipped with advanced security and permission protocols to give you total control over your data and prevent it from ending up in the wrong hands.
A set of well-defined roles and responsibilities is important before setting security and permissions in any ERP system. This structure will help shape organizational management and the decision-making framework you have in place. It will also have an impact on operational performance, ensuring that each employee has access to the right tools and information to do their job efficiently.
Dynamics 365 F&O has made it easy for a functional administrator to manage and implement permissions for users and groups within your organization. But with great power comes great responsibility, so we want you to be fully prepared with a basic understanding of the security and permissions tools in the system.
Role-Based Security in Dynamics 365 Finance & Operations
In Dynamics 365 F&O, you can align security and permissions to the roles and responsibilities of users within your organization. The security structure itself is “role-based,” where you can assign roles to users, allowing employees to access the functions they need to complete their duties and tasks while locking down permissions, so they can’t go beyond their role.
Dynamics 365 F&O comes with out-of-the-box roles you can use, or you can create your own. You can also assign more than one role to each user, depending on their job.
Now that you have an idea of how the role-based security works, let’s take a look at how the security architecture of Dynamics 365 F& O is set up. With this understanding, you will be able to customize your security in the system to fit the requirements of your business.
- System Authentication
Every user must have an authenticated Microsoft Azure Active Directory (AAD) account to access the system. - System Authorization
Authorization is used to grant access to areas within Dynamics 365 F&O. The system administrator can create and edit roles, controlling duties and privileges to those roles.
- Security Roles – assigned to a user to determine the duties that they can perform and the parts of the user interface that they can view. Administrators can apply data security policies to limit the data for the access of user roles. NOTE: All users must be assigned at least one security role to have access to Dynamics 365 F&O.
- Process Cycles – also known as business processes, these are designed to help administrators locate the duties that must be assigned to roles.
- Duties – comprised of privileges that grant permission to perform an action in Dynamics 365 F&O. Duties are organized by the business processes that they are part of.
- Privileges – specifies the level of access that is required to perform a job, solve a problem, or complete an assignment. They contain permissions to individual application objects, like user interface elements. Privileges can be assigned directly to roles but it’s easier to maintain if you only assign duties to roles.
- Permissions – grants access to logical units of data and functionality, including tables, fields, forms, and server-side methods. NOTE: Only developers can create or modify permissions.
- Data Security
Data security is used to deny access to tables, fields, and rows in the database. In Dynamics 365 F&O, you can use the extensible data security framework to control access to transactional data within the system by assigning data security policies to security roles. Those policies restrict access to valuable data, such as sales territory or organization. You can also use the Table Permissions Framework (TPF) to set restrictions on tables that store data, including sensitive data.
The best way to protect your data and infrastructure is by controlling access to the systems where that data is being processed and stored. Clearly defined steps and responsibilities between IT and business can help align your strategy and assure that only authorized personnel have the proper permisssions. If you are just getting started with Dynamics 365 F&O, make sure you get familiar with its unique processes of granting and changing access and put in place a regular monitoring plan to keep track of who is doing what in your systems.
Get Your Access Rights Under Control
Depending on the size and complexity of your organization, effectively managing user access can be challenging – especially if you aren’t familiar with the setup, structure, and processes involved. With our Dynamics 365 and security experience, our team can help guide you on the best path to enhanced security and data accessibility. We can walk you through the setup or help you create custom security roles – whatever you need. Contact the OnActuate team today for more information!