Often as part of an implementation or an upgrade user access and permissions get the short end of the stick. Most of the time, setting up security is built into the timeline, but it’s always towards the end because it relies on other items to be completed first. What usually happens is that something else further upstream takes longer and then the time for security gets pressed against the go-live date. Regardless if you need to be concerned with SOX Compliance in NAV, security should be a priority. Here are 5 things to help you set up your NAV security.
Design then build
It’s important to really think through your security first. When you build a house you don’t start drawing the blueprint and building at the same time. If you did you would end up with a mess, timing would be an issue, and one side might be waiting on each other. Instead the architect designs the blueprint and then the builders execute that vision. It should be the same with your security and permissions. It makes sense to sit down and identify the types of roles in your organization and then work through what each role needs access to. Once you have a clear vision of what you need then it’s much easier to execute.
Smaller is better
In the case of permissions and access that users have in the system, smaller is better. The smaller you make the roles the easier it is to make sure that users do not have access to something they shouldn’t.
Words mean things
As you build the roles for your organization make sure that they are named something that users can recognize and will easily inform the reviewer of what the user has access to. For example, a role named CREATEPO is more recognizable by an accounting manager reviewing permissions than something like P&P-Q/O/I/R/C.
In most cases when you use the word Super it is a good thing. However, in NAV when granting security to users, giving end users the super permission set is not a good thing. In NAV the number of users with Super should be as few as possible. Super grants users full access to the system and development environment which is very dangerous in the wrong hands. It is a huge security risk for any organization. End users with Super access should be reviewed on a regular basis.
To know or not to know
Do you know who is changing your data? If you don’t know who is changing information for things like vendors, customer and accounts, there is a potential risk for bad things to happen. Make sure to identify some key areas to track changes in. Vendors and Customer data are two areas that auditors will recommend that you track and review on a continuous basis. For more on this check out our blog on setting up Audit Trails
Security in NAV may be the last thing to be done, but that doesn’t mean it has to the last thing on your mind. Use these 5 things as a guide to efficiently plan and implement security in your NAV environment. See how Fastpath solutions can assist you in controlling your risks.