Business Central Administration topics for SaaS¶

The Business Central Administration Center¶

All administration tasks are done through the Business Central Administration Center. For more details see The Business Central Administration Center documentation and subsequent chapters.

Managing User Security in Business Central¶

• Training for administering D365BC online could be found on Microsoft Learn.
• Training for managing users and implement security in D365BC could be found on Microsoft Learn.
• See User Security in Business Central topic on Microsoft learn portal for more info.
• Technical info can be found eg. in Layered security model in Business Central.
• All admin tasks are described on Microsoft Learn portal.

Our recommended way how to manage permissions for users¶

• Create Security group for all users with access to specific environment and set this security group on that specific environment in Admin Center (Security groups, Assigning security group to environment)
• Create Security groups per user posts and add them into Business Central (Security groups in Business Central)
• Create Permission Sets per processes
• Assign process Permissions Sets to corresponding Security Groups (mapping the posts to processes)(Security groups in Business Central).
• Assign User to correct Security group based on their post (in Entra Id)

When is the best time to create permission settings¶

• You can create security groups for access to the environment immediately as needed
• You can create security groups by job position once you have your job positions mapped/defined
• You can create permission sets for processes as soon as you have your processes mapped/defined (mostly later during implementation in the pre-launch period). First you can create sets and name them and temporarily assign full rights for example. You can later restrict/replace these rights with new custom-made sets.
• Once all the processes in the system are ready, you can create per-process permission sets.

Creating permissins sets for specific processes¶

1. assign wider existing permission sets and remove from them processes/tables etc. to which users should not have access
2. assign narrower existing sets of permissions and add sets covering missing rights to them
3. create custom sets of authorizations using the rights recorder by simulating the process in the client's and generating authorizations for this recorded process

By using existing permission sets, you enable automatic extension/modification of permissions in the event of an application update. If the standard sets are not used, there may be a need to modify the existing sets with new objects after the update/upgrade.