So after recently adopting Azure Security Groups with Business Central I learnt that the built in IsSuper check in codeunit 153 "User Permissions Impl." does not consider super if it has been allocated via a Security Group such that for example a user with super permission set allocated via security group cannot check effective permissions from user card (as they get told they need to have super permission!).

I am told this behaviour is by design and the user's with have super via the security group can allocate themselves super user permission set but this seems to defeat the objective of not having to allocate user specific permission sets.

It would seem to be a fairly easy thing to check in code since there is already code to do this in the base app that can easily add the required filters (see GetAccessControlFilterForUser function in the codeunit 9852 "Effective Permissions Mgt."). Could Microsoft please amend the IsSuper function to consider permission set alllocated via security group, or at least add an event so we can do it as a customisation?

Category: General
Needs Votes
Ideas Administrator

Thank you for this suggestion! Currently this is not on our roadmap. We are tracking this idea and if it gathers more votes and comments we will consider it in the future. Best regards, Business Central Team