36
It would be helpful to have a base permission set without the Page (0) and Report (0) permissions that has only the most basic required permissions for a user to get into BC. All the stock basic permission sets have the access to all pages and reports enabled. For any customer actually using permissions, the first thing we have to do is create a copy of the base permission set, remove the Page 0 and Report 0 permissions, and then manually add the smaller set of pages and reports all users need.
This new base permission set would then allow more flexibility in adding permission sets to add specific pages and reports based on the users' roles, and save the time of having to create the new base permission set.
Keep the existing permission sets but add a new one for the more restrictive base set.
Category: General
STATUS DETAILS
Planned
2022 Release Wave 1
Ideas Administrator

Thank you for your feedback. Currently this is not in our roadmap; however, we are tracking it and if we get more feedback and votes, we may consider it in the future.

Sincerely, 

Tomás Navarro
PM, Microsoft

Comments

K

It would be useful and cost efficient to have the restriction access you mentioned.

For many clients, we set up No GL basic, which is the Basic permission set without Report = 0 and Page = 0. Then we tediously create Basic No GL sets for them by adding in all pages or reports and then removing GL-related objects.

I will look into importing these permission sets for cloud installations because the Extension permission sets include all objects needed, but I would rather not risk causing a problem by importing into the permissions table.


K

I agree totally. I have been trying to set up quite a restrictive permission set at a site recently. It is a complete nightmare. And it still isn't right, and now I have to troubleshoot further for access to specific web services for integration. Taking a leaf out of the Dynamics GP book would be good: having the tasks defined at a granular level that can then be built up into a role. The tasks have all the appropriate permissions in the background.


K

Agree. It is a common ask of our clients that certain roles should NOT see many of the financial pages that expose the company's financials.


K

I agree a hundred percent. We have been offering our customers customized basic rights based on manual authorizations at object level for a long time.
There is already an entry in this blog from my colleagues: https://experience.dynamics.com/ideas/idea/?ideaid=0a1a522c-e685-e911-80e7-0003ff68897c


K

100 % agree.

After base-app and system-app had been made, I think it would make very good sense to create a permission that only grants the user the basic permission in order to log in.

I've just had a case with Microsoft with a tenant here, where a custom permission set for team-member licensed users lacked one specific 20000x table, which caused the tenant to be extra loaded and led to instability for the entire tenant.

This would have been avoided if Microsoft made a basic system permission set that all users got when created: a base permission to be able to log in. All other permission sets would add additional areas.


K

I agree with the above limitations of the system. Not all users should be able to see certain confidential data within general ledger, bank accounts, etc.
