How to Control User Access for Greater Security and Productivity in Dynamics 365 Business Central

By itself, Dynamics 365 Business Central has decent user access control, but it doesn’t offer the level of control that many organizations need.

Do you want more control over the data individual users can access?

If you could restrict users’ access so they would only see the customers, vendors, dimensions, or GL accounts they needed to work with, what could you achieve? Not only would you improve the security of your system, but you could also make your staff more productive, tuning out the noise of unnecessary information and making their user profile laser-focused on the tasks at hand.

Let’s show you how to do just that with our Advanced User Management extension.

Improved Security and Productivity

Advanced User Management lets you filter the data a user can see and interact with, based on Customer, Vendor, Purchaser, Salesperson, Global Dimension 1, Global Dimension 2, GL Account Number, and Inventory Journals. The restrictions can’t be bypassed by the user unless he or she has administrative access to the AUM extension.

Having granular control over visible data helps you enforce a thorough security policy throughout the company.

System admins can adjust user restrictions in a central location, with a user-friendly interface. You can select individual records, a range of items, or even several out of sequence using familiar Business Central filter language.

Keeping users restricted to the essentials prevents disgruntled employees from doing extensive damage to your data. And more commonly, access restrictions can help curb user error by limiting choices, reducing the probability that the wrong customer or account is selected. Your inventory can also be protected by establishing a posting limit, leaving larger changes to be done by managers with higher-level access.

Aside from tightening security and reducing errors, filtering visible data can improve user productivity.

As an example, a user can spend too much time sifting through customer records in a large database. Their workflow becomes more streamlined by removing the extraneous information and limiting their view to the clients assigned to their division.

If your organization is making full use of Dimensions in Business Central, you can also use these as another filter, limiting a user’s view to the department or location he pertains to.

Users on your sales team may need to work with revenue accounts in the General Ledger, while others may need to access certain expense accounts. Rather than having to sift through the entire Chart of Accounts, their access can be restricted to the accounts that they really need.

In this way, common data entry scenarios are simplified, improving the process and improving data integrity.

Bring your customers into the system without fear.

Create a user profile for a VIP customer and restrict their access so that they can only see their invoices, orders, etc. It’s like they have their own dedicated customer portal!


Evaluate Advanced User Management for Your Organization

Installation is easy, with a PTE App file available to download from our website free of charge. It will soon be available on Microsoft AppSource as well.

Ready to have more control and boost productivity? Contact us at ERP Connect Consulting; we’ll be happy to answer your questions and help you get started.

Try it out today with a free 30-day evaluation license! If you’re hesitant to install the evaluation copy, why not have a look at our extension in action in the following video and the transcription that follows?



Demo Video and Transcript

Hello everyone, this is Ben with ERP Connect Consulting. And in this video, we’re going to show you how to use our Advanced User Management extension. So, the first thing you’ll need to do after downloading this extension is to go into the Advanced User Management setup window, which you can find through the search bar here. After clicking on the setup, you’ll want to make sure that you generate your demo key so that you can use our product for free for the first 30 days, after which, if you decide it’s something that you want to use longer-term, you can reach out for an activation key. We offer both a yearly subscription as well as a perpetual license in order to use this extension.

After the extension has been downloaded and the keys have been generated, you’ll want to make sure that the activate extension toggle here is on if it isn’t already, as well as the item journal being turned on here if you are going to be using our item journal filters in the user setup window. So, after we have all this set up, we are good to go on the setup window and we can go one level deeper into our user setup.

This next screen for user setup is where we’re actually going to start to define some of the restrictions that we want on a user-by-user basis. So, on the first line, you can see I’ve got user ID “Ben” defined here, and the first field I have selected here is the customer. So, let’s say the first thing you want to do is restrict Ben to only see customers 100 through 500 in this range. Now you can see that I’ve got additional customers in addition to 100 to 500, but if I use some basic Business Central filters here do C00 100 to 500, what this will do now is if I go into my customer list, it will actually only show those five customers as if that’s all that exists in Business Central today. So, if I come into my customer list, you can now see that only those five customers appear to be existing in my database. You can see that there are no filters over here that somebody can clear out to see the rest of the customers, those things are all happening behind the scenes. And again, these customers will be the only five customers that appear to Ben when he’s logged into Business Central.

So, let’s go back to the Advanced User Management setup window here, and we’ll show you some of the other filters. So again, “customer” is just one example of what can be utilized in order to further narrow down the data set that the user is seeing. So, this extension functions as additional security around certain data points and data fields within the system that is not currently available in the base code of Business Central. So, we see a lot more fields over here. We’ll skip around a little bit. The vendor is going to be almost identical to what we saw on a customer level. If you filter for a range of vendors, you can either do one vendor, multiple vendors in a range, or non-sequential vendors by using the pipe function. Again, all out-of-box Business Central filters would be used here to select data that is going to be restricted at a user level.

If any field is left blank, basically there’ll be no restrictions on that field. So, everything besides customer right now would continue to be wide open, assuming that this user has access to those functions with just the out-of-the-box Business Central security setup. If we look at things like the salesperson and the purchaser, which we can see here, if I were to narrow that down to just Ben, now Ben would only be able to see things that are associated with his salesperson code. Any other transactions in the system that are related to either Dave or Tammy, in this case, would not be surfaceable within Business Central, again, because of these filters. Let’s get rid of that one.

We’ve got six different dimension fields. So, we got sales global one, global two, purchase global one, global two, and general ledger global one, global two. So, what this is going to do is it’s just going to give you a dropdown list of the dimensions you currently have in the system. So, let’s say I want to use admin sales. In this case, if I was on a sales transaction specifically, because this is doing sales transaction dimension one, Ben would only be able to see those sales transactions related to the admin sales department or global dimension in this case.

Again, global two, purchase global one, global two, and general ledger global one and global two will work exactly the same. Based on the module you’re in, this will filter down the data that the user is able to both access and see from a view perspective as well as enter into a new transaction. So, if I were to go create a brand-new sales invoice, the only dimension it would let me tag in dimension one would be admin sales. Again, if I blank this out, it will let me do anything in that sales module.

The last thing to point out before getting to the items is the general ledger account number filter. So, in this case right now, again, of course, I’ve got all my balance sheet and income statements here. Maybe Ben should only have access to revenue accounts because he’s dealing with this certain record of customers in this case. So, what I could do is I could again put a filter and what this filter is now going to do if I go into my chart of accounts, let’s refresh again, when I go into my chart of accounts, every other account will appear as if it does not exist in Business Central and it will only show us those revenue accounts that we just selected in that filter. So again, as you can see here, my data set is filtered down quite a bit only to that range that I’m looking for.

Finally, we’ll go back into Advanced User Management setup one last time, and take a look at the last two fields, which are both related to inventory journals. So, let’s go back one step. We’ve got to make sure that the “Activate Item Journal” is turned on in order to use these functions. If so, we can do two different things here. The first is just a toggle a yes or no, on and off, “Can Post Inventory Journals.” So, if this is selected to be on, then the user will be able to post those inventory journals. If it is off, they will not be able to post inventory journals. And we can also define a dollar posting limit or amount posting limit if they are allowed to post these inventory journals. So, if this is on and I’ve got $1000.00 here, that user will only be able to post up to that $1000 limit threshold that we have defined here. So again, if we are not using that, you can close this out and deactivate it. If you do want to use it, just make sure that it is activated here and that in the user setup, you define it in these two fields here.

So that’s a little bit about our Advanced User Management extension and the setup that goes on behind the scenes on the Advanced User Management setup. Again, there’s a lot of great functionality here that extends the base code of Business Central. Some of the main use cases, again, are restricting user views to only a certain range of customers that they’re dealing with, potentially restricting users to a set of dimensions that they’re associated with. For example, a department, like we talked about. Restricting user views to GL accounts that they’re associated with. The example we went through here was only the revenue accounts that the customer or user is associated with.

And then another use case that we’ve seen a few times as well is allowing your customers to actually access Business Central and view their customer records. So, for example, if I were to clear this out, you could potentially give “Alpha Generators” access to your Business Central instance, and only give them access to sales activity. And by narrowing this field down to just the customer, they could actually log in and use it as a quasi-customer portal.

So, a lot of great functionality was covered today in this video. If there’s anything you’d like to see in future releases of this extension, please feel free to reach out with those suggestions. If you’d like any training, or have any additional questions on the extension itself, please feel free to also reach out to our team, we’re happy to help at any time and we look forward to hearing from you. Thank you.

Back to blog