How to manage Permission Sets in Business Central?

In this video, I will go through how you manage the permission sets in Business Central. So first I have to find the permission sets.

Managing Permission Sets in Business Central

Play

Feedback

Helpful
Not helpful
Needs update
Technical error

An advanced video is for the experts, and it requires detailed knowledge about the specific area of Business Central. Advanced A "configuration"-video is about how you configure your solution and get it ready for use. Typically, these videos are quite advanced. Configurations

Playlists Manage

Video Menu Playlists Click to create playlists

Presenter: Jesper Nielsen, Head of Onboarding

» More about Jesper

Jesper on LinkedIn

This is what happens in the video

Permission sets are the core of how access works in Business Central. They define which table data each user can read, insert, modify, delete, and execute. Every user needs at least a minimum set of permissions to work in the database.

Permission sets come in different types: user-defined, extension, and system. You can only edit user-defined permission sets. The others are locked.

The data permissions matter most. Permissions are built around table data because that controls what a user can actually see. Object access to reports, code units, and other objects has little value on its own. If you have access to all reports but no access to the underlying table data, the reports show nothing useful.

The five permission types are read, insert, modify, delete, and execute. An indirect permission means a user has no direct access to a table, but can reach it through another table they do have access to.

Where to find permission sets in Business Central

You manage permissions through the permission set list in Business Central. The list shows all permission sets and their type: user-defined, extension, or system. Only user-defined permission sets can be changed. To inspect or edit one, open a user-defined permission set and choose Permissions.

What a permission set contains

A permission set is a list of table data that a user has access to. When you open the Permissions view, the first column shows that the line refers to table data. You also get the table ID and the table name, followed by the individual permissions.

The available permissions are:

Read – view the entries in the table.
Insert – add new entries to the table.
Modify – change existing entries in the table.
Delete – remove entries from the table.
Execute – run the object.

Why table data is what matters

Permissions are built around the data because the data is what carries value in Business Central. Below the table data lines you will see other object types such as table, report, code unit, and XMLport. These usually have object ID 0, which means you have access to all objects of that type.

That broad access is not the part that decides what a user can do. The table data is the one that tells you what you can actually see. If you have access to every report in the system but no access to the table data behind them, those reports show nothing and are of no practical use.

Editing a user-defined permission set

In a user-defined permission set you can add new tables, delete tables, and set the permissions to whatever you need for each table. This is where you tailor access to match how a given role should work.

Direct and indirect permissions

A permission can be direct or indirect. If a permission is indirect, the user does not have direct access to that table. Instead, they reach it through another table they already have access to. The indirect setting lets a table be used as part of a process without granting the user open access to it on its own.

Q&A

What is a permission set in Business Central?

A permission set is a list of table data that a user has access to, along with the read, insert, modify, delete, and execute permissions for each table. It defines what a user can do in the database.

Which permission sets can I edit?

Only user-defined permission sets can be edited. Extension and system permission sets are locked and cannot be changed.

What are the five permission types?

Read, insert, modify, delete, and execute. Read lets you view entries, insert adds new entries, modify changes existing entries, delete removes entries, and execute runs the object.

Why does table data matter more than object access?

The data is what carries value in Business Central. Object access alone, such as access to all reports, is of no use if you cannot see the underlying table data. The table data controls what a user can actually see.

What is an indirect permission?

An indirect permission means the user has no direct access to a table, but can reach it through another table they do have access to. It allows a table to be used as part of a process without granting open access to it.