Any Enterprise Resource Planning (ERP) system you use needs to have a built-in security system that helps protect your database and the information that it contains from unauthorised access. It should also allow you to specify the level of access authorised users are allowed within the database, i.e. what data they can read and/or modify. Here at TVision we have put together 24 tips to help you better understand how the security system of Microsoft Dynamics Business Central works, and what you can do in your business to keep it secure.
- Use Multi-Factor Authentication to safeguard access to the application and your data.
- Minimise the number of super-users you have on your system.
- Don’t rely on system permission sets. These cannot be edited and do not address any particular segregation of duties you may have in your business. Instead, you can build new ones by creating User-defined permission sets. These are either editable copies of the system permission sets or are new ones created from scratch.
- Permission sets can also be imported into or exported from Business Central. If you have another Business Central tenant, you can export permissions from one tenant and then import them into another one. Exporting permission sets to XML also allows you to create a backup of your permission sets that is external to the system.
- Permission sets can also be created or modified by using the Record Permission function in Business Central.
- Setting up user groups within Business Central will allow you to manage permission sets for particular groups of users within your business. Permission sets assigned to a particular user group stay synchronised. If you change the permissions of the user group, this will be automatically updated for all the users in that group.
- Decide, at a company policy level, whether users will be disabled or deleted when they need to be removed from Business Central. Disabling users will ensure that auditors are still able to see when the user had access to the system and what their permissions were while deleted users cannot be re-enabled.
- Ensure the built-in change log is enabled for all changes to user permissions.
Business Central Set up
- Set up a clear approval system for making journal entries, orders, payments, credits etc.
- Ensure there is segregation of responsibilities so that only Super Users (of which there should only be a limited number) can create a Vendor record, raise an order, receipt it and pay the Vendor by themselves.
- If possible, separate your master records from your transactions. For example, users responsible for creating Vendor records should not be responsible for Accounts Payable entries and Payments or users responsible for Customer records should not be responsible for Sales entries.
- Keeping a handle on bank reconciliations is very important. Make sure that all reconciliations (bank, vendor, customer etc) are reviewed and/or approved by a supervisor/manager.
- Restrict user access to add-ons or tools such as Vendor Merge or Customer Merge.
- Ensure that Excel Export and Edit in Excel are only enabled for users who understand GDPR and risks of industrial espionage.
- Set up clear processes for requesting and adding additional users. As part of this, make sure that you have all the information you need about the user permissions required and have a robust approvals process.
- Set up a clear process for quickly adding backup user access as and when it is required.
- Also plan for emergency access and have a clear process for removing this emergency access once it is no longer required.
- Design your processes in such a way that it ensures segregation of duties. Users should never have access to multiple parts of a process.
- Ensure users are properly trained. An erroneous journal or master data deletion can be expensive to repair and can lessen the value of your data.
- Make sure you build and use workflow approval processes. It is important that users review what they are approving, not just rubber stamp them.
- Use your sandbox to test any changes to your security settings.
- Regularly review users and their access levels.
- Regularly check for orphaned users (users who should no longer have access to your system) and remove them from the system.
- Contact TVision if you have any questions about Business Central security and how you can improve it within your business.