Setup Authorization Monitoring
In the window Authorization Monitoring Setup you define the setup to work correctly with the module Authorization Monitoring.
- Open the window Authorization Monitoring Setup by selecting menu Departments - Compliance - Security - Authorization Monitoring - Setup - Authorization Monitoring Setup.
- Select the role with permissions to modify evaluations in the field Reviewer. Only users linked to this role are allowed to modify evaluations in the Analysis windows.
- Automatic Evaluation Posting: check this field to automatically post new evaluations in the Analysis windows.
- Register Evaluations: select ‘Changed’ to register only changed evaluations (since last posting) in the window Analysis Permissions, select ‘All’ to register all evaluations.
- The field Action by Agreeing profile enables you to define a default action for automatic acceptance of a profile: None (empty), Agree Users, Agree Permission Sets or Agree both. A default action for agreeing a profile might be configured as a generic option and overruled per standard competence.
- Automatically accepted findings are registered with the evaluation ‘Agreed’ by default. This might be changed to ‘To be reviewed’ in the field Default Evaluation for Accepted Finding.
- Manually Calculate Field Security: check this field to calculate the field- and dataset security setting manually (one time) instead of each time during analysis.Calculate by selecting Actions, Functions, Calculate Field Security.
Setup Organization Types
The module Authorization Monitoring is based on the organization types of Starreveld. The organization types can be linked to a process. Organization Types can only be deleted if they are not used (so if they are not linked to a process).
Follow the steps below to setup organization types:
- Open the window Organization Types by selecting menu Departments - Compliance - Security - Authorization Monitoring - Setup - Organization Types.
- Insert a new organization by using the standard Dynamics NAV method (Ctrl+N).
- Define the organization type for your organization.
Setup Processes
To judge the quality of the authorization per process and sub process, the processes and sub processes have to be defined in Dynamics NAV. It is necessary to define the processes and sub processes in collaboration with the organization. The defined processes and sub processes are entered in the module Authorization Monitoring and linked to standard competences. Processes and sub processes can only be deleted if they are not used (so they are not linked to a standard competence).
Follow the steps below to setup processes:
- Open the window Processes by selecting menu Departments - Compliance - Security - Authorization Monitoring - Setup - Processes.
- Insert a new process by the standard Dynamics NAV method (Ctrl+N).
- Define a clearly and recognizable code and description.
- Select in the field Organization Type by using the arrow down buttonthe organization type that is applicable to this process.
Setup Sub Processes
To judge the quality of the authorization per process and sub process, the processes and sub processes have to be defined in Dynamics NAV. It is necessary to define the processes and sub processes in collaboration with the organization. The defined processes and sub processes are entered in the module Authorization Monitoring and linked to standard competences. Processes and sub processes can only be deleted if they are not used (so they are not linked to a standard competence).
Follow the steps below to set up sub processes:
Method 1: Trough menu items
- Open the window Sub Processes by selecting menu Departments - Compliance - Security - Authorization Monitoring - Setup - Sub Processes.
- Insert a new sub process for the desired process with the standard Dynamics NAV method (Ctrl+N).
- Select in the field Process with arrow down button the process applicable for this sub process and define a recognizable code and description for the sub process.
Method 2: Through window processes
- Open the window Processes.
- Select the process from which you want to manage the sub processes.
- By selecting Related Information, Process, Sub Processes.
- Define like in the first method the sub processes now.
Setup Excluded Permission Sets
In this window you can setup permission sets (formerly user roles) that will be excluded from the analysis of the permissions. If the organization has accepted some risks, those risks do not have to be shown in the analysis. The role SUPER for example is always an actual risk, users with this role are able to modify all data in the database. If this role is included in the analysis, it always shows as an actual risk, which leads to an unclear analysis. For this reason you can exclude permission sets from analyses.
Follow the steps below the setup the Excluded Permission Sets:
- Open the window Permission Set Setup by selecting menu Departments - Compliance - Security - Authorization Monitoring - Setup – Excluded permission sets.
- Press Ctrl+N to create a new permission set setup.
- Select in the field Permission Set ID by using the arrow down button the permission set that you want to exclude from the analysis.