Finance and Operations Saturday - Everyone is Assigned System Administrator in D365 Finance and Operations, Help!?!

FinOps Saturday – Everyone is Assigned System Administrator in D365 Finance and Operations, Help!?!

This session is presented by the Microsoft Business Applications Alex Meyer, the director of Dynamics AX and F&O development at Fast Path. Fast Path is specialized in security and compliance reporting across a number of different ERP and CRM systems.

Alex Meyer’s focus area is in the Ax and F&O space. He has been in the AX and F&O space for the last five years specifically around security audit and compliance functionality and reporting. Alex has always been active and has done numerous sessions in the Dynamics community groups.

In this session, you will be going through understanding the F&O security model where you will be looking at security layers, securable objects and how security can affect user licensing and then also going to look at utilizing these privilege and how you would go about doing that you know how you would go about obtaining the menu item information that you need looking at some of the features and functionality that exists within the application such as security Diagnostics to roll test workspaces.

Tasks recorders are the tax recording functionality you’re going to look at actual to real-life user scenarios about how actually utilize this lease privilege methodology in the real world and then the steps you can utilize to implement this as well.

so the first thing that we talked about is you know I mentioned least privilege security you know why is this important there are different things that we talk about more looking at why is least role of security important first is that if you implement you know I guess what is least privilege security least privileged security is assigning the least amount of permissions to a user that they need to perform their day-to-day operations

so why is that important the first is an environmental risk right if the user has more access than they need they could intentionally or inadvertently go in and perform act I could put your company at risk right they may user may go into the system and they may not know what changing a particular configuration value or changing you know purchase order or other you know objects in the system may the impact of that and so you know if they’re not supposed to be doing that you know taking that privilege away from them or their access away from them can take away that risk of them accidentally performing that you know whether or not it’s intentional or inadvertent just removing that access removing a lowers your environmental risk.

Second, is user licensing because your security is tied directly to your license requirements right what you assigned to your users is going to dictate the licensing that’s required if you’ve lowered the amount of access that you’re assigning to the user right you could potentially save your company tens of thousands or hundreds of thousands of dollars in licensing costs just by going in and removing that access especially if like we talked about with this particular scenario where you have users, multiple users, a scientist admin in your system right and they’re all requiring the enterprise level license or operations of a license.

Finally, the segregation of duties. This kind of follows up on the environmental risk as well but if you lower the access that a user has, you’re going to also lower the amount of segregation do these violations and also the amount of mitigations or process controls you have to put in place for those especially if you’re a publicly-traded company. You have certain socks requirements or other audit requirements such as GPR and things like that. The more you’re lowering your access that users have in the system the less segregation do these issues you’re going to have and then the less time you have to spend remediating those or providing process controls or mitigations for those so now that we know why at least world security is important.

Leave a Comment

Your email address will not be published.