Feature-level permissions are much more user-friendly and practical. Traditional permissions on codeunits, tables and other objects can be overly technical, making them difficult for most users to understand and manage.
By aligning permissions with system features, this approach simplifies access management, enhances usability, and improves overall efficiency.
Here are five examples on how this could look like:
1. Sales Order Management
Grant users access to create, edit, and approve sales orders without exposing unrelated tables or reports, streamlining the sales process.
2. Inventory Tracking
Allow warehouse staff to view stock levels, update inventory counts, and track item movements, all within the inventory management feature.
3. Employee Time Entry
Enable employees to log working hours and managers to approve timesheets without requiring access to the entire HR module or related tables.
4. Financial Reporting
Provide accountants with access to generate, export, and view financial reports while restricting access to underlying data tables.
5. Vendor Management
Allow procurement staff to manage vendor profiles, view purchase history, and create purchase orders, focusing solely on vendor-related actions.
Comments
We have long offered our customers “sample permissions” for the OnPrem solution based on the company's organizational roles. For example, there are basic roles that only contain rudimentary rights for logging in and creating (e.g. Sales Basic for creating sales documents, Purchase Basic for purchase orders, etc.). All booking functions for the respective business area are further (additional) roles, so you remain flexible, because often not everyone in a department is allowed to book. By creating smaller modules for specific tasks in addition to the basic roles, a rights concept can be set up flexibly. By using a descriptive name, a permission administrator can later recognize which permissions have been assigned to a user. With the new logic of referencing other permission sets, you also remain updateable when new versions are imported. Finally, customers can better identify themselves with their “own” roles and continue to manage permissions independently.
Category: General
I agree with this theory and can see how this would streamline permissions. It would be nice to have it as an option. The record permissions function is a very useful tool as a workaround in the meantime.
Category: General
Business Central Team (administrator)
Thank you for this suggestion! Currently this is not on our roadmap. We are tracking this idea and if it gathers more votes and comments we will consider it in the future. Best regards, Business Central Team