The year 2023 has begun, and that means it's time for new resolutionS! Start 2023 right and set up your authorizations as smartly as possible for a secure and manageable Microsoft Dynamics environment. After all, with the right tools, knowledge, and methodology, professional authorization setup is within reach.  

To set up authorizations in a smart way, we recognize two perspectives: 
1. Exclude authorization setup 
2. Include authorization setup 

Which of the two ways you choose depends on the desired degree of control and on the time, money, and capacity that you are willing and able to invest.  

Exclude authorization setup 

With an exclude-authorization system, all users receive all rights and only the high-risk rights are taken away. These high-risk rights are assigned in separate authorization sets to the users who need them for the tasks they need to perform in Dynamics.  Here you can think of settings and data such as:

• Supplier dates and the chosen payment condition and preferred bank account;
• Accounting settings, including the accounting periods;
• Accounting groups that affect the accounting treatment of purchase and sales documents;
• User settings where the approval limit of users is determined;

This solution can be implemented in just a few days and results in a reasonable level of security and control. 

An exclude setup can be compared to an office where everyone is allowed to walk around freely, but only the cabinet containing all personnel files is locked. The setup and management are relatively simple, but with the result that people can walk around in places where they have no business being.

Advantages: 

• • The exclude setup can achieve simple but thorough segregation of duties with few users (up to about 50)  
  • The exclude setup takes little time to implement and is therefore cheaper
  • Less chance of error messages during testing and after going live. Because users are given more rights than strictly necessary, there is less chance that certain rights will be missing;  

Disadvantages:

• • The exclude setup is less detailed which means the lesser risks' are not always sufficiently mitigated;
  • The exclude setup ''is less future-proof than an include setup when the number of users grows and the maturity level of the organization increases;

 

Include authorization setup

With an include setup, only the minimum rights needed to successfully complete a particular task in Dynamics are granted, and no more than that. Compared to an exclude setup, users get a lot fewer low-risk permissions. This leads to an authorization setup with management and control capabilities in optima forma. 

To continue the office comparison, in this case, the front door is locked and people gain access to departments through a badge system. People can only enter the department where they need to be based on their function. 

In order for an include setup to work properly, the autthorization set must include all potentially necessary rights to perform a task. This requires involving many users in the organization and closely mimicking the tasks in Dynamics so that no permissions are missed. 

Advantages: 

• • The include setup provides an authorization setup that is set up in detail and thus a high level of control is enforced
  • The include setup is future-proof and works well even if your organization grows rapidly.

Disadvantages: 

• • The include setup costs more money, time and capacity than an exclude authorization setup.
  • Due to the higher level of detail, an include setup is more complicated and requires more error messages during testing and after going live.

 

Wondering which type of authorization setup suits you best? Or are you curious about the software we offer to get and stay in control? Please feel free to contact us.