Permission Setup

The GDPR Data Management app uses Business Central's permission system to control access to personal data and GDPR functionality. Proper permission setup is crucial for both security and compliance.

Built-in Permission Sets

GDPR-ADMIN

Purpose: Full administrative access to all GDPR functionality
Target Users: GDPR administrators, system administrators, compliance officers

Permissions Include:

  • Read/Write access to all GDPR tables
  • Execute permissions for all GDPR codeunits
  • Access to initialization and configuration functions
  • View all logging and audit information
  • Manage data categories and documentation elements

GDPR-USER

Purpose: Standard user access for data cleaning operations
Target Users: Business users who need to clean personal data

Permissions Include:

  • Read access to GDPR documentation
  • Execute data cleaning operations
  • View cleaning session logs
  • Read-only access to data categories
  • Limited configuration access

Personal Data Permission Set

Purpose: Dynamically created to identify personal data tables
Target: System use, not directly assigned to users
Function: Defines which tables contain personal data for scanning and cleaning

Permission Assignment Process

Step 1: Identify User Roles

GDPR Administrator Roles

  • System Administrators: Full BC admin + GDPR-ADMIN
  • Compliance Officers: GDPR-ADMIN + relevant business area permissions
  • Data Protection Officers: GDPR-ADMIN + audit permissions

Business User Roles

  • Department Managers: GDPR-USER + department-specific data access
  • Data Processors: GDPR-USER + limited table access
  • Support Staff: GDPR-USER + customer data access only

Step 2: Assign Base Permission Sets

For Administrators

  1. Open Users page in Business Central
  2. Select the administrator user
  3. Navigate to User Permission Sets
  4. Add GDPR-ADMIN permission set
  5. Verify effective permissions include GDPR objects

For Business Users

  1. Select the business user
  2. Add GDPR-USER permission set
  3. Ensure they have read access to relevant business data tables
  4. Test access to GDPR functions

Custom Permission Sets

Department-Specific Permission Sets

Sales Department GDPR Access

Permission Set ID: GDPR-SALES
Description: GDPR access for sales department

Object Type    Object ID    Name                             Permission
Table Data     18           Customer                         RIMD
Table Data     21           Cust. Ledger Entry               RI
Table Data     25           Vendor Ledger Entry              RI
Table Data     11195990     QTEAM Data Cleaner Log Entry     RIMD
Table Data     11195991     DD GDPR Documentation Element    RIMD
Codeunit       11195993     QTEAM Data Cleaner               X

HR Department GDPR Access

Permission Set ID: GDPR-HR
Description: GDPR access for HR department

Object Type    Object ID    Name                             Permission
Table Data     5200         Employee                         RIMD
Table Data     5201         Employee Qualification           RIMD
Table Data     5202         Employee Stat. Group             RIMD
Table Data     11195990     QTEAM Data Cleaner Log Entry     RIMD
Codeunit       11195993     QTEAM Data Cleaner               X

Creating Custom Permission Sets

  1. Open Permission Sets Page
    • Navigate to Permission Sets in BC
    • Click New to create a new set
  2. Configure Basic Information
    • Permission Set ID: Use naming convention (GDPR-[DEPT])
    • Name: Descriptive name for the permission set
    • Company Name: Leave blank for global use
  3. Add Object Permissions
    • Click Permissions action
    • Add required table data permissions
    • Add codeunit execute permissions for GDPR functions
    • Set appropriate permission levels (R=Read, I=Insert, M=Modify, D=Delete, X=Execute)

Permission Validation

Testing User Access

Administrator Access Test

  1. Login as GDPR Administrator
  2. Verify Access To:
    • GDPR Setup page (should open without errors)
    • GDPR Register List (should show all elements)
    • Initialize function (should execute successfully)
    • All data cleaning functions

Business User Access Test

  1. Login as Business User
  2. Verify Access To:
    • GDPR Register List (filtered to their department data)
    • Data cleaning functions for their tables
    • Session log viewing
    • No access to configuration pages

Common Access Issues

User Cannot Access GDPR Functions

  • Cause: GDPR permission set not assigned
  • Solution: Assign appropriate GDPR permission set

User Can See All Data Despite Department Restrictions

  • Cause: SUPER permission set overrides restrictions
  • Solution: Remove SUPER, use specific permission sets only

Data Cleaning Operations Fail

  • Cause: Missing table data permissions
  • Solution: Verify user has modify permissions for target tables

Security Best Practices

Principle of Least Privilege

  • Grant Minimum Required Access: Users should only access data necessary for their role
  • Regular Permission Reviews: Audit user permissions quarterly
  • Remove Unused Access: Promptly remove permissions when roles change

Segregation of Duties

  • Separate Admin and User Roles: Administrators should not perform daily data operations
  • Approval Workflows: Consider approval processes for bulk data deletion
  • Audit Trails: Monitor all GDPR operations through built-in logging

Data Classification Alignment

  • Permission-Based Classification: Use permissions to determine data sensitivity
  • Hierarchical Access Control: Match permissions to organizational hierarchy
  • Cross-Department Controls: Restrict access between unrelated departments

Monitoring and Auditing

Permission Usage Monitoring

  • Regular Log Reviews: Check GDPR operation logs for unusual access patterns
  • Failed Access Attempts: Monitor BC security logs for failed GDPR access
  • Privilege Escalation: Watch for users requesting additional permissions

Compliance Reporting

  • Permission Reports: Generate reports showing who has access to personal data
  • Access Reviews: Document periodic access reviews for compliance audits
  • Change Documentation: Maintain records of permission changes and rationale
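The SUPER override described under Common Access Issues and the permission report listed above can both be checked offline from an export of user assignments. The script below is an added example, not part of the GDPR Data Management app: the CSV layout and user names are constructed, and treating GDPR-ADMIN together with GDPR-USER as a segregation-of-duties finding is one reading of the guidance on this page.

```python
import csv
from collections import defaultdict

# Constructed sample export (not real data): one row per user/permission-set assignment.
ASSIGNMENTS_CSV = """user,permission_set
ANNA,SUPER
ANNA,GDPR-ADMIN
BEN,GDPR-USER
BEN,GDPR-SALES
CARLA,SUPER
CARLA,GDPR-HR
DAVID,GDPR-ADMIN
DAVID,GDPR-USER
"""

# Table-data rights of the two custom sets, copied from the tables on this page.
SET_TABLES = {
    "GDPR-SALES": {"Customer": "RIMD", "Cust. Ledger Entry": "RI", "Vendor Ledger Entry": "RI"},
    "GDPR-HR": {"Employee": "RIMD", "Employee Qualification": "RIMD", "Employee Stat. Group": "RIMD"},
}

def load_assignments(text):
    """Return {user: set of permission set IDs} from the CSV export."""
    sets_by_user = defaultdict(set)
    for row in csv.DictReader(text.splitlines()):
        sets_by_user[row["user"].strip().upper()].add(row["permission_set"].strip().upper())
    return dict(sets_by_user)

def audit(sets_by_user):
    """Flag assignments that conflict with the guidance on this page."""
    findings = []
    for user, sets in sorted(sets_by_user.items()):
        restricted = sorted(s for s in sets if s.startswith("GDPR-") and s != "GDPR-ADMIN")
        if "SUPER" in sets and restricted:
            findings.append((user, "SUPER overrides " + ", ".join(restricted)))
        if {"GDPR-ADMIN", "GDPR-USER"} <= sets:
            findings.append((user, "admin and daily-user roles not separated"))
    return findings

def personal_data_access(sets_by_user):
    """Return {table: {user: rights}}; SUPER is reported as full access."""
    report = defaultdict(lambda: defaultdict(set))
    for user, sets in sets_by_user.items():
        for set_id in SET_TABLES:
            if set_id in sets or "SUPER" in sets:
                for table, rights in SET_TABLES[set_id].items():
                    report[table][user] |= set("RIMD" if "SUPER" in sets else rights)
    return {t: {u: "".join(c for c in "RIMD" if c in r) for u, r in users.items()}
            for t, users in report.items()}
```

ANNA is not flagged because SUPER with GDPR-ADMIN matches the System Administrators role in Step 1; CARLA is flagged because SUPER makes the department restriction in GDPR-HR ineffective.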

Advanced Configuration

Integration with BC Security Features

Conditional Access

  • IP Restrictions: Limit GDPR access to specific IP ranges if needed
  • Time-Based Access: Restrict data cleaning to business hours
  • Multi-Factor Authentication: Require MFA for GDPR administrators

Record-Level Security

  • Security Filters: Use BC security filters to restrict data access by department
  • User Groups: Organize users with similar GDPR access needs
  • Team Member Access: Configure appropriate access for team member license users

API and Web Service Security

If exposing GDPR functionality via APIs:

  • Service Account Permissions: Create dedicated service accounts with minimal permissions
  • OAuth Configuration: Use OAuth 2.0 for API authentication
  • Rate Limiting: Implement rate limits on GDPR API calls

Migration and Upgrades

Permission Set Maintenance During Upgrades

  • Backup Permission Sets: Export custom permission sets before upgrades
  • Version Compatibility: Verify permission sets work with new BC versions
  • Object ID Changes: Update permissions if GDPR object IDs change

User Migration

  • Permission Mapping: Document permission mappings for user role changes
  • Transition Period: Plan transition periods when migrating permission structures
  • Testing: Test new permission configurations in sandbox environments

Next Steps

After setting up permissions:

  1. Data Classification: Begin classifying personal data
  2. Data Cleaning Process: Start using cleaning functionality
  3. Session Management: Learn about cleaning session management

Support

For permission-related issues:

  • Review BC security documentation
  • Check Troubleshooting - Permission Problems
  • Contact Q-Team Solutions Support for app-specific issues