Everything you need to know about security in Business Central
Data security is at the core of all of Microsoft’s business applications, and Business Central has several layers of protection for every user account. As a growth-minded solution, it’s equipped to handle the changing needs of your business, including scaling permissions up and dialing them back as often as you need.
There are a few basic components to the makeup of Business Central’s security setup: user access, user permissions, and general data security.
Managing access
The entire Dynamics 365 suite follows a security hierarchy, starting with global access granting rights to all records within the system all the way down to view-only or even no access. And after a strict authentication and authorization process, users can work within their allowed modules—like the Chart of Accounts, General Ledger, Vendors, and Inventory—in the system. These modules can be made accessible to certain security roles, and those defined security roles are then applied to specific users.
Business Central is only accessible to authorized users–aka users with a unique license assigned to them. When users log into Business Central, they’re authenticated through Azure Active Directory, and since Business Central is cloud-hosted, this provides you with a single sign on experience using your organization’s Office 365 credentials.
Once users are authenticated using their credentials, the system authorizes their access based on their license type (a Team Member user has difference access rights than a Full User will have), and their permission sets will limit or grant access to the different areas of Business Central.
Image courtesy of Microsoft
Global admins will grant users access to certain areas of Business Central based on the requirements of their role—accountants and inventory specialists will have vastly different needs on a day-to-day basis, and it makes their jobs easier when unnecessary functions aren’t clogging up the application interface. And even more importantly, users will only be able to access, view, and edit the data in the areas in which they are authorized to do so.
Developer access
A developer can help you extend the reach and capabilities of your Business Central instance, and countless add-on modules, integrations, modifications, and customizations can help your business get the most out of your investment and work with a highly tailored system for your needs. Since all extensions and customizations are built within the code of Business Central (instead of forcing incompatible code into Business Central), developers will want to familiarize themselves with AL.
To access Business Central as a developer, you’ll need to be given Super User permission by a system administrator—providing you the ability to read, use, update, and delete data as needed.
Setting up user roles
A great way to make sure users have the right access is to set up Role Centers. When you log into Business Central and view your dashboard, what you’re really seeing is your personal Role Center—equipped with quick links and widgets with insights, forecasts, and real-time data. By having a user experience shaped by your requirements—and only your requirements—you’re able to cut down on clutter and more quickly complete the tasks you need to focus on. A role-tailored experience makes a system as vast and full-featured as Business Central feel intuitive and easy to navigate.
Available Roles in Business Central
Company-wide configurations can be set for Role Centers to ensure each user with that role is seeing the same view and functionality when they open up Business Central. Additionally, you have the ability to allow users to make tweaks to their own personalized dashboard, allowing them to set things up the way that works best for them, or lock down these role modifications, meaning that once a user has been assigned a role, they won’t be able to make major changes to their system interface, guaranteeing that things stay the way you intend. To allow or disallow personalization on a user level within their roles is entirely up to system admin.
Managing security groups
New to Business Central with 2023 Release Wave 1, security groups will make it easier to manage user permissions by categorizing users into groups based on things like department or job function. That way, you can mass apply permissions to entire groups with similar needs and requirements much faster than going user by user.
Security groups are also available in other online Microsoft applications like SharePoint and Dynamics 365 CRM to simplify your security administration across all your business solutions. Learn more about security group management →
Enhanced data protection
Business Central provides security on four fundamental levels: database, company, objects, and records. Users must have their own credentials to log into the SQL Server, which are granted by the SQL Server administrator with Super User access.
Business Central encrypts data in three scenarios: encryption at rest, encryption in transit, and encryption in use—meaning your data is 100% secure at all times. Encryption at rest ensures that data physically stored in a database is secured, encryption in transit means that data is secure once a connection to a network has been established, and encryption in use analyzes requests to access your data in real-time and makes your data unreadable to those who do not have authorized access to it.
Each and every user—whether you’re a global system administrator or access Business Central to view reports—has industry-leading security measures behind them.
We’re happy to help you further understand security in Business Central, as well as set up and assign security permissions and role centers for you. Just connect with us!