Business Central How-To: Restricting Access to Sandbox Environments via Security Groups
Reading time: 2 - 3 minutes
When creating sandbox systems, you might find yourself wanting to restrict which users can access the new test environment. But if your new sandbox is based on the production environment, all users with access to the main system will also be granted the same level of access to the sandbox.
Traditionally, your only real option was to go into your new sandbox and remove as many permissions from your users as required to prevent access. Quite a time intensive process if you have a lot of users!
Luckily, if you have access to the Business Central Admin Centre and can make Security Groups within Microsoft 365, this is now quick and easy to achieve. If you have access to the Admin Centre, you can find it via the Cog Wheel in the upper right > Admin Centre.
The crux is that on the environment within the Admin Centre, you can set a Security Group. Only users who are a part of this group will have access to the sandbox system.
Simply select the correct Security Group setup for this purpose:
One thing to watch out for though: you can only set one Security Group against an environment. As such, we’ve created one for this direct purpose here called Business Central Sandbox within the Microsoft 365 Admin Centre, where the only users who are members to this are the ones who should have access.
When any user who is not a part of this Security Group attempts to access this sandbox, they will get the following error message.
It’s worth mentioning that since you can only assign one Security Group to an environment, you ideally wouldn’t want to use that same one to assign Permissions to users. This could cause some overlap and may be clearer and easier to have a dedicated Security Group solely for sandbox/environment access.
We’re using this process here in our example for locking sandbox systems to those who we want to access them only. However, this same method can be used if you have multiple production environments you wish to lock down further, preventing users who should only be within a UK environment from accessing a US one, for example.
Keep an eye on our blog for more tips and tricks and, if you have any questions about how we can support your business, please get in touch today.