Posts Tagged ‘ Segregation of Duties

Dynamics 365 Finance and Operations Segregation of Duties Nedir?

Segregation of Duties görev ayrılığı olarak çevriliyor. Şöyle izah etmeye çalışayım. İki kritik görevi(Duty) aynı kişide toplanmasın istiyorsunuz örneğin fatura işleme ve ödeme çıkma gibi iki görevin aynı kişide olmaması gerekiyor. Binlerce kişinin çalıştığı bir firmadasınız ve bunu takip etmek belli bir aşamada mümkün olmuyor işte tam burada SoD devreye giriyor. Duty üzerinden yaptığınız bir tanım size bu tip durumlar için uyarı veriyor ve kontrol etme imkânı sağlıyor.

Önceki yazılarda kullandığımız güvenlik nesnelerini kullanarak bir örnek yapalım. Security Configuration formunu açıyoruz.

Resim-1

Read more

What is Dynamics 365 Finance and Operations Segregation of Duties?

Segregation of Duties görev ayrılığı olarak çevriliyor. Let me explain it with an example. Let’s say you want two critical Duties not to be assigned to the same person. For example, two duties such as invoice processing and payment should not be assigned to the same person. You are in a company where thousands of people work and it is not possible to track at a certain stage. Here SoD comes into play. A definition you make through Duty gives you a warning for such situations and allows you to control them.

Let’s see an example using the security objects we used in previous articles. Open the Security Configuration form.

Image-1

From the Segregation of duties tab, click on the Segregation of duties rules button. This form is also available directly on the menu. You can see it in Image-9.

Image-2

There are no records yet in the form that opens. Let’s create one by clicking New.

Image-3

Specify a name and select two Duties. I have chosen two sample Duties. The only thing I pay attention to is, I know which roles these two Duties are used in. I will need it to show the example. Of course, you will make this definition according to your business needs.

Image-4

After saving, it comes to my test user. FD Customer listing task is attached due to its current role. I add a new role and select one that includes Customer Invoicing. When I click add, there is a warning saying that a conflict occurred. If I click Yes, it will create a solution record for me.

Image-5

The record created includes information about this operation. I can accept assignment with the Allow Assignment option.

Image-6

Accepting means overriding the rule, so it asks for an explanation. After providing one, we have added the role. We could have blocked it if we wanted to.

Image-7

When you create a new SoD, you can check if there are anything that does not follow this rule. There is something that doesn’t follow my rule, but since we created an override record it didn’t appear here.

Image-8

You can follow the created records from the menu in Image-9.

Image-9

In this article, I have tried to explain briefly what Segregation of Duties is. Although it is a very nice feature, it still has many deficiencies. For example, it only works with Duty, but there is no solution for direct Privileges assigned to a Role. It asks when adding it to the role, but it does not have a mechanism that controls the changing duty contents afterwards. It is possible to use it. Especially if you do not define authorization other than Duty and create your Duties with the right logic, you can use it very easily. Investments are still being made in this feature, I think it will become much more developed in a short time.

Regards.

www.fatihdemirci.net

TAGs: Microsoft Life Cycle Services, LCS, Azure, Azure DevOps, Segregation of Duties, Microsoft Dynamics 365, MsDyn365FO, MsDyn365CE, MsDyn365, Dynamics 365 Insights Power BI, Power Automate, Power Apps, Power Virtual Agents, what is Dynamics 365, Dynamics 365 ERP, Dynamics 365 CRM