One of the reasons companies opt for implementing an ERP system is to ensure, compared to other business applications, increased security regarding transactions and sensitive company information. The concept of security is quite broad, and when applied to ERP systems, it covers several aspects that we will try to detail in this article.
Authentication Security in the ERP System
It is self-evident that the ERP system should only be accessed by authorized users. Usually, this means authentication with a username and password, but recently, two-step authentication (2-tier authentication) has also been practiced, which means that an additional element is needed to validate the authentication data. Usually, this is the user’s mobile phone, which generates an additional code through an application. In the Dynamics 365 Business Central ERP system, besides the usual authentication methods, two-step authentication can be implemented using the Microsoft Office 365 account as an authentication option.
User Role Security in the ERP System
Another security mechanism applies to the roles users fulfill within the company. For example, a procurement order operator will have specific rights in the purchasing module, which will differ from, say, the rights of an operator in the service module. Role-based security is usually resolved by granting permissions for certain pages, tables, and reports. It varies in implementation from one ERP system to another; in Business Central, it is achieved through permission sets. Permission sets are grouped permissions based on certain types of activities that can be performed. Permissions are assigned to users, allowing them to perform those activities. In the image below, we have permission sets available in Business Central:
Data Entry Security in the ERP System
Any ERP system ensures data entry validations so that the data conforms to general business rules or the company’s business rules. The former are usually implemented in the application’s source code and cannot be modified – for example, the rule that in an accounting transaction, the debit amounts must equal the credit amounts. If the rule is not followed, an error message appears:
Company-specific rules are configured during the ERP system implementation (or later). For example, if the company wants to set a certain value threshold for authorizing sales orders, this can be done in the system by configuring approval workflows in the ERP system, whereby a sales order cannot be posted unless it receives approval from an authorized person.
Security of Transactions Recorded in the ERP System
Once recorded in the ERP system, transactions are protected by several mechanisms. First, it is not possible to modify already recorded transactions, at least not at the user interface level. If there are operational errors and incorrect transactions are recorded, they are corrected only through other transactions and not by modifying or deleting data.
Secondly, there is transaction traceability, meaning that for each transaction, a log is created that shows information about the user who created the transaction, the date and time of creation, the functional area from which it was generated, etc. For example, in Business Central transactions are logged in a table like this:
Security of Configurations and Documents in Progress
For changes in settings or working documents, monitoring can be configured in the ERP system at the field level in tables, so that each change is logged. For changes considered sensitive, email alerts can also be configured, so that the system administrator or another authorized person can be informed in real time about changes occurring in the system.
All these are various aspects of transaction security in ERP systems. If these aspects are critical to your business, do not hesitate to contact us.
Elian Solutions is part of the Bittnet Group, active for over 15 years as an implementer of the Microsoft Dynamics 365 Business Central ERP system. With a team of over 70 employees and a portfolio of over 250 clients, Elian Solutions is one of the key Microsoft partners for ERP systems.
