The default for security filtering on explicit record variables is: Validated.
This means: Any code that defines a record as a variable has to set the security filtering to Filtered. And when the Base Application uses such a record we probably cannot change the the security filtering on it.
See: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-filters,
"The Validated value is used mainly for compatibility with the security model in earlier versions of Business Central. We recommend that you use the other modes when you implement your security model."
We would need a mixture of Filtered or Ignored. See, for instance, 703 "Find Record Management", FindLastEntryIgnoringSecurityFilter(RecRef).
So, what if you change the default value security filtering on explicit record variables to: Filtered?
Business Central Team (administrator)
Thank you for this suggestion! Currently this is not on our roadmap. We are tracking this idea and if it gathers more votes and comments we will consider it in the future. Best regards, Business Central Team