Improve Segregation Of Duty in Business Central 

Best Practices for implementation and documentation

It would be interesting to improve the Segregation Of Duty in Business Central, at least create documentation with ready-made test cases for the most usual scenarios. (for 365F&O it is well documented)

ex:

Preventing user from changing his role in settings "topic"

To prevent a user from changing their role in settings in Business Central, you can assign a profile to the user and restrict their ability to modify it. The profile then determines the user's role center, the home page that users will see when they sign in. The profile does not impact access rights to functionality in Business Central.

If you cannot copy an existing profile, you can create a new one manually.

Option 1

1. In the users permission, exclude the modify permission from the "User Personalization" table

Option 2

1. Use the design on the "user settings" window for "each role" and remove ability to see the role field.

2. Remove the personalization option on the role to prevent personalization.

Community links

Dynamics 365 Business Central: Controlling user access to the setups in the Settings menu (Personalize, Design, My Settings, Company information, Assisted setup, Advanced Settings, Admin Center) – No customization

https://yzhums.com/26772/

MS links I found

links for Business Central

https://learn.microsoft.com/en-us/dynamics365/business-central/admin-users-profiles-roles

https://learn.microsoft.com/en-us/dynamics365/business-central/admin-manage-user-settings-preferences

Links for 365F&O

Set up segregation of duties - Finance & Operations | Dynamics 365 | Microsoft Learn

https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/sysadmin/set-up-segregation-duties

Thanks