Comments
The comment is not entirely accurate, as the permission set mentioned includes system right 6110, which allows both actions: exporting to Excel and editing data in Excel and writing it back. These functions should be separated to ensure proper authorization. There are already some ideas on how to address this issue. Please vote there.
There are now indeed four Excel permission sets, but they are useless (despite being labeled “Read, view, edit ”) because the permission for System ID 6110 includes both exporting and editing in Excel. We need here 2 separate system permissions.Only workaround to exclude everywhere CU 1488; while this does not prevent the two operations, it triggers only an error message.There’s already an idea here that has more votes; please continue voting there. In my opinion, this is a bug and, with all due respect, a security vulnerability, since the names of the permission sets give a misleading impression.https://experience.dynamics.com/ideas/idea/?ideaid=01febe9d-6c3c-ee11-a81c-6045bdb6c2ac#
With all due respect, the four Excel permission sets are useless because, despite being labeled “Read, View,” users can edit data in Excel as soon as even just system permission 6110 is granted. Customers want to determine for themselves who is allowed to export to Excel and which users are allowed to write back data that has been modified in Excel.This is a major security vulnerability, as the naming of the permission sets gives the false impression that only “Read” access is permitted when they are assigned.