Efficient authorization management, how to do that?
It is an ongoing challenge to get and keep the authorizations in Business Central in order. Nevertheless, authorization management makes it possible to control authorizations and carry out these controls and therefore deserves your attention, continuously.
Consider the following points for a clear and manageable authorization set-up:
- Work out all activities in clear work instructions, which apply to authorization management.
- Give clear and consistent naming conventions to authorization sets and user groups or organizational roles. Can someone without knowledge of the authorizations still understand what you are trying to achieve with the setup?
- Make sure the naming is understandable, reducing the chance of errors.
- Use function names as names for user groups or organizational roles.
- No mixing or misuse of the configuration to achieve a purpose other than that for which it is intended.
- A person responsible for managing authorizations should be designated.
- Also include authorizations in change management for Dynamics. When installing new objects, authorizations often need to be adjusted as well.
- Test the authorization set-up twice: by yourself and by a (core) user. The goal must be to eliminate as many errors as possible beforehand.
- Record error messages in a ticket system including a screenshot of the entire screen, user and what the user is trying to achieve. This is by no means always clear.
- Ensure that documentation on the structure of the authorizations is always complete and up-to-date.
Autorization changes in Dynamics Business Central
To prevent clouding of the authorization structure and thus errors or unpleasant consequences, have the requests for changes or new authorizations follow a procedure. At a minimum, the procedure should include the following points:
- Authorization requests should be approved by at least one approver who is authorized to do so. For example, the CFO or the person responsible within the controlling or HR department.
- It should not be possible for users to approve their own requests. The responsibility for approving authorization requests should rest with one person.
- Authorization requests should be archived or logged. It must be possible to trace any changes to user authorizations.
- Comments to authorization requests should also be archived or logged.
- An authorization request does not need to be approved immediately. A comment from the approver is then required to account for the change at a later time.
- Authorizations that are temporarily granted to an existing function should be requested in advance with an end date. This prevents temporary rights from becoming permanent.
- This also applies to authorizations granted to temporary employees. Vacation or interim employees are some examples of users who should be assigned functions with an end date.
Efficient authorization management
Once again, managing authorizations in Business Central is an ongoing challenge. An increasingly complex application landscape, mergers and business requirements for IT demand a large part of the authorization manager's workweek.
Does managing the authorizations in Dynamics 365 Business Central become a larger part of your work?
We solve this for you with Authorization Box. In this application, authorizations can be both set up and managed. With the help of a visual organization chart, managing is quick and easy. Curious? Contact one of our authorization specialists.