web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / How to segregate Syste...
Small and medium business | Business Central, N...
Suggested Answer

How to segregate System Administrator duties between 2 IT staff in Dynamics 365 Business Central?

(4) ShareShare
ReportReport
Posted on by MB-22100407-0 86

Hi Community,

 

We are a small IT team of 2 managing our Dynamics 365 Business Central environment. Currently, both of us have SUPER access, but we want to implement Segregation of Duties (SoD) to reduce risk.

 

Specifically, we want to ensure:

 

  •  

    No single IT staff member can make critical system changes alone (e.g., creating users and assigning full admin permissions).


  •  

    Administrative duties are split in a way that both can manage the system safely.


  •  

    Change logs and approvals can be leveraged to maintain accountability.



    •  
 

We would like guidance on:

 

  1.  

    Best practices for splitting IT responsibilities in BC.


  2.  

    How to use permission sets instead of full SUPER access for day-to-day tasks.


  3.  

    Recommended approval or review processes for system changes.


  4.  

    Any tips on using sandbox environments for testing changes safely.



    5.  
 

Thank you in advance for your insights!

Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    OussamaSabbouh Profile Picture
    OussamaSabbouh 5,055 on at
    How to segregate System Administrator duties between 2 IT staff in Dynamics 365 Business Central?
    Hello,
     
    1. Best Practices for Splitting IT Responsibilities
    • Define Roles Clearly: Assign specific roles to each IT staff member based on their responsibilities. For example, one could focus on user management while the other handles system configurations.
    • Limit SUPER Access: Avoid assigning SUPER access to both team members. Instead, create custom permission sets that grant only the necessary permissions for their roles. This minimizes the risk of unauthorized changes.
    • Implement Just-in-Time Access: Use just-in-time access for critical changes, allowing access only when necessary. This can be managed through the new Dynamics 365 Business Central Administrator role, which provides granular access without granting full admin rights.
    2. Using Permission Sets Instead of Full SUPER Access
    • Create Custom Permission Sets: Develop permission sets tailored to the specific tasks each team member needs to perform. This can include permissions for user management, system configuration, and reporting without granting full SUPER access.
    • Review and Update Regularly: Regularly review and update these permission sets to ensure they align with current responsibilities and security needs.
    3. Recommended Approval or Review Processes for System Changes
    • Establish Change Management Procedures: Implement a formal change management process that requires both team members to approve any critical changes. This could involve documenting the proposed changes and having both parties sign off before implementation.
    • Utilize Change Logs: Leverage change logs to track all modifications made to the system. This provides accountability and allows for audits to ensure compliance with your SoD policies.
    4. Tips on Using Sandbox Environments for Testing Changes Safely
    • Create a Dedicated Sandbox Environment: Use a separate sandbox environment for testing changes before applying them to the production environment. This allows you to evaluate the impact of changes without risking the live system.
    • Test with Realistic Scenarios: Simulate real-world scenarios in the sandbox to ensure that changes function as expected and do not introduce new issues.
    • Document Testing Outcomes: Keep records of what was tested and the results to maintain a
  • Suggested answer
    Alex A Profile Picture
    Alex A 2,853 on at
    How to segregate System Administrator duties between 2 IT staff in Dynamics 365 Business Central?
    You have to have at least one person with SUPER user permission. If you remove it from the last person, you'll be jacked; effectively locked out of full administrative control. I mean, there may be some recovery options depending on how you're setup/hosted, but you'll have yourself a problem.
     
    Use the Change Log and configure the logging of changes to the Setup related tables. This will hold each person accountable who has the power to make changes.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 3,377

#2
Jainam M. Kothari Profile Picture

Jainam M. Kothari 2,696 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 1,512 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans