
Introduction

Dynamics 365 F&SCM security

D365 Finance and Supply Chain Management offers an out-of-the-box security tool to manage role-based access control for all users. This tool uses a security structure that consists of different building blocks, namely roles, tasks and privileges. Access in D365 is determined at the lowest level: the privileges. These building blocks let the administrator set up their own security structure and adapt roles to business needs. A standard security structure is available in D365 and can be used as a starting point for setting up roles according to the needs of the business. Standard roles are available, such as 'Accountant'. This role contains various tasks, such as 'Approve closing transactions' or 'Approve vendor invoices'. These tasks include the privileges that grant access to the system. However, this standard security structure is set up based on the US security standard, which means that some roles contain critical setup. The minimal documentation of this standard security structure is an additional challenge during implementation and during maintenance afterwards. A solid security structure is nevertheless necessary for the company to meet the basic principles of accounting when it comes to security and to remain compliant with the licensing requirements of Microsoft D365.

What is delaware SMART security?

The SMART security framework is a structure that was put in place to overcome the challenges of a good security implementation and has emerged from several projects. The framework offers a solid and generic structure that is already aligned with the European security standards. The structure remains flexible, so that the security implementation can be adapted to specific business needs. The SMART security framework contains documentation about the security structure that is set up during the implementation and offers a solid basis for maintenance after the implementation phase.

SMART security structure

Although D365 already has standard building blocks available at all these levels, the SMART security framework includes custom building blocks that provide more insight into what each building block contains. The standard D365 privileges are used to create SMR tasks. Each SMR task is set up to contain only the system access for a specific process step in D365. Settings in D365 are always included in a separate SMR task and are easy to recognize. All tasks also have a descriptive name, so that it is clearer what does and does not fall under a role.


Authorization matrix

All custom SMR tasks are documented in the authorization matrix. This matrix divides the SMR tasks into different processes and different steps in a process. For each step there are maintain tasks and/or view tasks to provide more flexibility in setting up the roles. While the SMR tasks are included in both the SMART Security code and the matrix, the SMR roles are only specified in the matrix and not included in the code. The SMR roles in the matrix are only designed as a starting point for the analysis phase in the security implementation and do not serve any other purpose. This is because the security needs of each project are different. This matrix is the starting point for the implementation and also serves a purpose after the implementation, in maintaining the roles. This matrix is the documentation that gives the company insight into its business risks and also makes it compliant with the accounting principles when it comes to security.

This authorization matrix only contains the processes that are included in D365 as standard. Custom developments in a customer's environment are not included and must be added to obtain a good and complete matrix. ISVs are also not included in this matrix and must be added by the customer or partner who implemented the ISV.


License insights

The SMART security code includes a custom workspace that provides insight into the security structure and the impact on licenses per user, role, task and privilege. This information can be used to optimize roles based on the desired license. For each building block in the security structure, the administrator can see in the workspace which license is needed. Because most SMR tasks use only one license, roles can be set up to optimize license utilization. The workspace also provides insight into licenses per user if the roles are assigned directly to the users in D365.


Support and contact

andy.marijs@delaware.pro 0032/478.80.53.70