Confidential Data Protection
Confidential Data Protection is a Business Central extension that helps you protect your sensitive and confidential data from unauthorized access. It allows you to designate specific users as SUPER administrators, specify which tables contain confidential data, mark G/L accounts as "Confidential", generate restricted permission sets, resolve confidentiality-violating permission set assignments, and get better insights into permission sets.
Why Confidential Data Protection?
In many businesses, there is certain data that should not be exposed to all users, such as financial transactions, budgets, salaries, contracts, etc. However, by default, Business Central does not provide a way to restrict access to this data based on the content of the records. For example, if a user has been assigned permission to view the G/L Entry table, they will be able to see all the entries in that table, regardless of the G/L account(s) the entries are related to. At the same time, many users would not be able to perform their daily tasks without this table permission, so it is common for users to have it.
This poses a serious risk for your business, as it can compromise your data security, privacy, and compliance. Moreover, it can affect your users' productivity and performance, as they will have to deal with a lot of irrelevant and distracting information.
Confidential Data Protection solves this problem by enabling you to define which data should be treated confidentially, and who can access that data, at a more granular level. It also helps you to manage your permission sets more efficiently and effectively, by providing you with tools to monitor and resolve any issues related to data confidentiality.
How Confidential Data Protection Works
Confidential Data Protection works by adding a layer of security and control over your data and permission sets.
The extension achieves this by adding the following features to your Business Central environment:
-
This feature allows you to designate specific users as SUPER administrators, who will be the only users able to assign the SUPER, SUPER (DATA) and SECURITY permission sets to other users. This way, you can limit the number of users who have and can grant full access to your system and data.
-
This feature allows you to specify which tables in your Business Central environment contain confidential data. By default, the extension suggests treating the G/L Entry and G/L Budget Entry tables as confidential, which is the recommended setup. However, you can also add or remove other tables as needed.
-
This feature allows you to mark certain G/L accounts as "Confidential", so that the related G/L data for these accounts will not be exposed to users who have access to the G/L Entry table. Instead, only users who have explicit permission to view these accounts will be able to see the entries for those accounts.
-
The Confidential Data Protection extension includes a feature which automatically protects your Business Central environment against confidentiality-violating permission set assignments. To achieve this, the extension automatically generates Restricted permission sets, which are permission sets that exclude access to confidential table data.
For example, if you have a permission set that grants access to the G/L Entry table and attempt to assign it to a user or group of users, the extension automatically provides and assigns a restricted permission set that will only grant access to the entries of non-confidential G/L accounts instead. You can also assign these restricted permission sets yourself, directly to users who do not need to see confidential data.
-
Confidentiality Violation Resolution
This feature allows you to identify and resolve any permission set assignments that violate your data confidentiality rules. For example, if you have a user who has been assigned a permission set that grants access to a confidential table or a confidential G/L account, the Confidential Data Protection extension helps you to identify and fix this issue by replacing the confidentiality-violating permission set assignment.
-
This feature allows you to get better insights into your permission sets and their properties and usages.
- Easily find out the number of users and/or groups of users that have been assigned a certain permission set.
- Easily find out which permission sets expose confidential table data, and for which confidential tables these permission sets expose confidential data.
- Easily find out which restricted permission sets have been generated by the Confidential Data Protection extension, and for what reason.
On the Permission Sets page you will also have new fields at your disposal that you can use to filter and sort.
How to Get Started
To get started with the Confidential Data Protection extension, you need to install the extension in your Business Central environment from Microsoft AppSource. Please note that you can try out the Confidential Data Protection extension completely for free by installing it directly from Microsoft AppSource in one of your Business Central Sandbox environments; no trial period, no obligations!
In our online Installation Manual you can find all the instructions you need to install the extension and configure permissions. Then it is just a matter of opening the Confidential Data Protection Setup Wizard page and following the steps, as described in the Setup section of the installation manual.
For more detailed information about the Confidential Data Protection extension and its features, please check out our User Manual.
Contact and Support
We hope you enjoy using the Confidential Data Protection extension to help make your business more secure.
If you have any questions or feedback that you would like to share with us, please feel free to reach out to our Support team.