How to: Create a Critical Permission
A Critical Permission is a query that is best phrased as a question. With such a question you ask Authorization Box which Users, Permission sets and Organization roles have a level of access that amounts to a critical permission. Examples of these questions are:
- Who is able to modify items?
- Who can create a payment proposal?
- Who is able to perform other tasks, e.g. post invoices, modify setup, etc.?
To view, create or edit Critical Permissions go to Monitoring > Critical Permissions. Here you will find an overview of all defined Critical Permissions. To create a new Critical Permission, click New.
Start by populating the fields in the header:
- Name the new Critical Permission. As stated, this is best phrased as a question;
- Optional: describe the Critical Permission in detail;
- Describe the associated risk;
- Select the impact, process and category of the permission;
- Set the has to comply to field to ‘all objects’ or ‘One object’:
  - One object: Select one object if only one of multiple defined objects has to match a user, permission set or organization role's permissions in order for it to be in the analysis result. Any of the permissions for any of the defined objects makes the user, organization role or permission set to which the Authorization is granted appear in the results. This is often used for analysing permissions to master data and setup information.
  - All objects: Select all objects if all defined objects have to match a user, permission set or organization role's permissions in order to be in the analysis result. For example, to post a document a user needs Authorization to the table data of both the posted header and the posted line: Purch. Inv. Header and Purch. Inv. Line (regardless of the permission set through which these are assigned). Dynamics 365 Business Central blocks posting if the user is missing any of these Authorizations, so it makes more sense to inquire who/what has both these Authorizations;
- Tick the box Analysis with excluded permission sets to include any excluded Permission Sets in the analysis result of this Critical Permission;
- Tick the box Retrieve dynamics modifications to gain insight into the actual usage of these permissions by users by retrieving the modification logs. Note: Analysis will take significantly longer when this box is ticked.
After saving the Critical Permission with the Save button, go to the objects section. In this section you link one or more Objects to the Critical Permission by clicking New.
Here you define the objects that represent the question you are asking Dynamics 365 Business Central or Dynamics 365 for Finance and Operations. In other words, this is the technical translation of the question.
- Select the object type;
- Select the object to match on for the analysis. You can find the object by typing the ID or name of the object;
- Set the And/Or RIMDX field to ‘AND’ or ‘OR’. This works similarly to the header field has to comply to:
  - AND: Select AND if all the defined Read, Insert, Modify, Delete and Execute (RIMDX) permissions for this object have to match a user, permission set or organization role's RIMDX permissions for this object in order to be in the analysis result.
  - OR: Select OR if only one of the defined Read, Insert, Modify, Delete and Execute (RIMDX) permissions for this object has to match a user, permission set or organization role's RIMDX permissions for this object in order to be in the analysis result;
- Define the permissions for this object you want to match on.
Click the Save & Close button to close the page or click the Save & New button to define another object for the Critical Permission.
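The interaction between the header field has to comply to and the per-object And/Or RIMDX field can be seen in the following added example. It is a simplified model written for this page, not Authorization Box code: all function names, the sample users and their permissions are constructed, and matching on Insert and Modify is an arbitrary choice for illustration. Excluded permission sets and pre-approved roles are not modelled.

```python
# Added illustration of the matching rules described above. Simplified model,
# not Authorization Box code; every name and all sample data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class ObjectRule:
    obj_type: str      # e.g. "Table Data"
    obj_name: str      # e.g. "Purch. Inv. Header"
    rimdx: frozenset   # RIMDX letters to match on
    and_or: str        # "AND": every listed letter; "OR": any one of them

def object_matches(rule, granted):
    """granted maps (type, name) -> set of RIMDX letters the principal holds."""
    held = granted.get((rule.obj_type, rule.obj_name), set())
    if rule.and_or == "AND":
        return rule.rimdx <= held       # all requested letters are held
    return bool(rule.rimdx & held)      # at least one requested letter is held

def analyse(has_to_comply_to, rules, principals):
    """Names of users, permission sets or roles that land in the result."""
    if not rules:                       # all() over nothing would match everyone
        return []
    combine = all if has_to_comply_to == "all objects" else any
    return sorted(name for name, granted in principals.items()
                  if combine(object_matches(r, granted) for r in rules))

HDR = ("Table Data", "Purch. Inv. Header")
LINE = ("Table Data", "Purch. Inv. Line")
PRINCIPALS = {  # constructed effective permissions per user
    "alice": {HDR: {"R", "I", "M"}, LINE: {"R", "I", "M"}},
    "bob":   {HDR: {"R", "I", "M"}, LINE: {"R"}},
    "carol": {HDR: {"R", "M"}, LINE: {"I"}},
    "dave":  {HDR: {"R"}},
}

def run(comply, and_or):
    # Match on Insert + Modify for both posted purchase invoice tables.
    rules = tuple(ObjectRule(t, n, frozenset("IM"), and_or) for t, n in (HDR, LINE))
    return analyse(comply, rules, PRINCIPALS)

if __name__ == "__main__":
    for comply in ("all objects", "one object"):
        for and_or in ("AND", "OR"):
            print(f"{comply:11} / {and_or:3} -> {run(comply, and_or)}")
```

The strictest combination (all objects with AND) returns only the user holding every listed permission on every object, while one object with OR returns anyone holding any single listed permission on any object.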
Optionally, go to the Allowed Organization Roles section of the Critical Permission. Click the New button to pre-approve Organization Roles and the users in this role in the analysis results.
- Select the Role which you want to pre-approve. Only select roles in which you expect the Authorizations for the Critical Permission to be included (without risk);
- Optional: Select the company in which the Organization Role is pre-approved.
Authorization Box will mark these results as “Agree Configuration”, which will save the reviewer time during the review of the analysis results. With the Save & Close button you close the Organization Role page. With the Save & New button you can add multiple Allowed Organization Roles to the Critical Permission.
Optionally, you can link conflicting Critical Permissions in the Conflicts section by clicking the New button.
- Select the conflicting Critical Permission;
- Optional: Select the company to which this conflict applies;
- Select the impact of the conflict;
- Describe the risk of the conflict.
Click on the Save & Close button to save the new Conflict. It is also possible to set up conflicts from the menu by going to Monitoring > Conflicts > New.