Skip to the content

How do I gain control over my authorization setup?

By being risk-aware, you can translate trust into assurance. A tight administrative organization and internal control contributes to this and can be realized through a thorough design of the authorizations in Dynamics 365 Business Central. 

From a risk-aware perspective, before completing the implementation of Dynamics 365 Business Central, you have already ensured the separation of functions by setting up authorizations. And, of course, you have organized the management and monitoring of the quality of the authorizations, making it easy to provide internal and external accountability. You are fully in-control.

The authorization cycle

Are you in need of security and control of your primary IT system, Dynamics 365 Business Central? Then get a powerful and auditable authorization structure in place!

Setting up authorizations is not routine job and requires specialized know-how. The complexity should not be underestimated. And the budgeted investment and the desired result should not be lost sight of.

For best results, we recommend that you go through the authorization cycle. The authorization cycle consists of the following steps.

  1. Designing
    • In the first phase, you start by determining the functional design of the authorizations. You specify how your functional organization should be translated into Dynamics 365 Business Central.
    • In order to design the authorization structure, top-down with core users, the necessary authorizations should be determined.

  2.  Building
    • As soon as all permission sets are clear, they are built and grouped according to organizational roles. For a simple approach, we recommend using Authorization Box.

  3. Refining
    • Regarding the built authorizations, a refinement from table or screen level to field level or with filters may be needed. It may also be necessary to apply validations at the field level. We recommend using the Field Security and Field Validation apps for this purpose.

  4. Managing
    • In order to maintain the realized authorization structure and make everyday authorization management as simple as possible, we use the authorization management functionality in Authorization Box.

  5. Monitoring
    • Monitoring the quality of authorizations is very important for internal control. Based on the Authorization Box, you can easily (continuously) monitor this quality. It monitors data ownership, segregation of duties and conflicting authorizations.

In order to distinguish a good authorization project from a perfect authorization project, we have twenty tips for you. Follow these tips and make sure you do not overlook anything. This way, a professional authorization setup is within reach!


Do you have a question? Get in touch with one of our IT audit professionals. We are pleased to help you.