Navigating Security, Permissions, and User Groups in Dynamics 365 Business Central
As a Business Central Administrator, one of your roles is to manage permissions for users & groups of users within your organization. You may be a Finance or Operations manager, an IT manager, an Office Manager, or the Business Central Administrator for your organization. This blog was written with you in mind! Whether you are going through a Business Central implementation, or have already implemented Business Central and are looking to align security & permissions to the roles & responsibilities of users within your organization, we have geared this content for you.
User Groups
User Groups in Dynamics 365 Business Central are an easy way to group together permissions that will be common among multiple users.
Let’s say you have a customer service group that you would like to grant access to Business Central, but you want to limit their access to Customers and Sales Orders only. You can create a new User Group and assign the appropriate permission sets to that group.
When you’re creating the group, you can also assign the group a “Default Profile” – or role center the user will see when they log in.
Once the User Group is created, you can assign permission sets to that User Group
You can quickly view the permission sets associated with each User Group in the “Permission Sets” Fact Box on the right side of the User Group Window.
Permission
If you’d like to know more about what is defined in each permission set assigned to your User Groups, you can view this data by viewing the “Permission Set by User Group” matrix.
In this view, the permission sets are listed in the left-hand rows, while the User Groups are listed as columns at the top. If I select a row for the permission set I’m curious about, I can see in each column whether the User Group in question includes that permission set.
With the permission set highlighted, you can see the permissions to Table Data and other objects in the right-hand Fact Box for Permissions.
Alternatively, if you drill down into “Permissions” link in the top left corner, you can see a full matrix of the associated permissions, including whether the permission is read/ write/ modify/delete, and direct/indirect.
Users
Assigning Permissions to Users
Users can be assigned permission either through User Groups, through direct permission set assignment, or both.
In the User Card, there are tabs for both User Groups and User Permission Sets. You can see the full list of User Groups assigned to that user.
The User Permission Sets tab of the user card will automatically inherit the permission sets associated with the User Groups assigned.
As an example, in my Cronus environment, user MATTS has recently been assigned the new “BC NEW CS” User Group we created earlier. When this User Group was assigned, each permission set that was added to the User Group is automatically added to the User.
Let’s say that in addition to the permissions in the Customer Service Group, I also want Matt to be able to view items. If this is a permission that I want to give Matt, but I don’t want to give to the entire Customer Service Group, I can add that permission on top of the permissions from his User Group.
In this way, I can “build on” to the User Groups by adding an individual permission for this user.
Assigning Permissions by Company
Another feature of the User Card is that you can assign User Groups and Permission Sets to Users by company. This will only apply if you have multiple companies in Business Central, but if you do (and you have different users in each company) this feature is very helpful.
When assigning the User Group or the User Permission Set, there is a field for “Company.” If the User needs to work in only one company, you can define the company at the time the groups or permissions are assigned. If the user needs permission in more than one company, you can leave the field blank to assign to “all” companies.
Taking our previous example, let’s say that I want to assign the Customer Service User Group to Matt for all companies, but I only want him to be able to view items in CRONUS. Here is what that set up would look like:
If you are interested in learning more about navigating security, permissions, and user groups in Dynamics 365 Business Central, here are additional resources:
Microsoft: https://docs.microsoft.com/en-us/dynamics365/business-central/ui-how-users-permissions
For upcoming releases in Dynamics 365 Business Central Security, see the Business Application release notes:
Under the terms of this license, you are authorized to share and redistribute the content across various mediums, subject to adherence to the specified conditions: you must provide proper attribution to Stoneridge as the original creator in a manner that does not imply their endorsement of your use, the material is to be utilized solely for non-commercial purposes, and alterations, modifications, or derivative works based on the original material are strictly prohibited.
Responsibility rests with the licensee to ensure that their use of the material does not violate any other rights.