Perhaps you have already done an authorization project (with or without our help), or maybe you need help to implement authorizations in Dynamics NAV or Business Central. If so, it is important that you maintain the permission sets. In this blog we’ll discuss the importance of maintaining general permission sets.
Different types of permission sets
During an authorization project, different types of permission sets are built with the (key)users. Some permission sets are representative for tasks and processes and others are representative for general functionality. At 2-Control we advise to authorize users on role based level. Usually, the general permission sets are linked to all roles or most roles and the task based permission sets are linked to specific roles. Summarized:
- Task based permission sets are sets that are built to perform specific tasks. For example, the creation of or posting a purchase order.
- General permission sets are designed to authorize users for general functionality and tasks within Dynamics NAV or Business Central. Examples include reading pages and running reports.
General permission sets ensure that organization roles remain manageable and task based permission sets ensure that when setting up the organization roles you can primarily focus on selecting the tasks that are relevant for a specific organisation role.
In addition, the general permission sets ensure that general authorizations can be managed centrally, reducing the risk of authorization conflicts and errors.
Changes in Dynamics NAV or Business Central and your business processes
Changes to the Dynamics NAV or Business central environment or to your business processes result in potential risks of an incorrect authorization framework. Changes to the environment are most likely to occur when new functionality is introduced via add-ins or when the system is updated and changes to your business processes are a logical effect of a growing or changing company.
Therefore, with each change, there are actual risks when the permission sets are not maintained. For instance, when critical pages that should not be executable for all users are added to the Dynamics environment and one of the general permission sets authorizes all pages, including the new page. In addition, added functionality can also result the risk of incomplete permission sets and therefore authorization issues.
It is important to check whether there are new or changed objects that need to be added to the permission sets or whether new permission sets need to be built for this.
2-Control can advise or support you in building and customizing the permission sets. If you have any questions about this topic, please feel free to contact us!