icon, enter Users, and then choose the related link.To add users in Business Central , your company's Office 365 administrator must first create the users in the Office 365 Admin Center. For more information, see Add Users to Office 365 for business.
Once users are created in Office 365, they can be imported into the Users page in Business Central . Users are assigned permission sets depending on the plan assigned to the user in Office 365. For detailed information about licensing, see Microsoft Dynamics 365 Business Central Licensing Guide.
You can then proceed to assign permission sets to the users to define which database objects, and thereby which UI elements, they have access to, and in which companies. You can add users to user groups. This makes it easier to assign the same permission sets to multiple users.
A permission set is a collection of permissions for specific objects in the database. All users must be assigned one or more permission sets before they can access Business Central .
From the User Card page, you can open the Effective Permissions page to see which permissions the user has and through which permission sets they are granted. Here you can also change permission details for permission sets of type User-Defined. For more information, see To get an overview of a user's permissions.
Administrators can use the User Setup page to define periods of time during which specified users are able to post, and also specify if the system logs the amount of time users are logged on.
Another system that defines what users can access is the Experience setting. For more information, see Changing Which Features are Displayed.
icon, enter Users, and then choose the related link.Any new user that has been created for your Office 365 subscription will be added on the Users page.
You can set up users groups to help you manage permission sets for groups of users in your company.
icon, enter User Groups, and then choose the related link.When users or user groups are created, you must assign permission sets to each to define which object a user can access. First, you must organize the relevant permissions in permission sets. For more information, see To get an overview of a user's permissions.
To quickly define a new user group, you can copy all permission sets from an existing user group to your new user group.
The user group members are not copied to the new user group. You must add them manually afterwards.
icon, enter User Groups, and then choose the related link.The new user group is added to the User Groups page. Proceed to add users. For more information, see To group users in user groups.
Administrators can define periods of time during which specified users are able to post, and also specify if the system logs the amount of time users are logged on. Administrators can also assign responsibility centers to users. For more information, see Work with Responsibility Centers.
icon, enter User Setup, and then choose the related link.Permission sets function as containers of permissions, so that you can easily manage multiple permissions in one record. When you have created a permission set, you must add the actual permissions. For more information, see To create or edit permissions manually.
A Business Central
solution typically contains a number of predefined permission sets that are added by Microsoft or by your software provider. These permission sets are of type System or Extension. You cannot create or edit these types of permission sets or the permissions within them. However, you can copy them to define your own permission sets and permissions.
Permission sets that users create, from new or as copies, are of type User-Defined and can be edited.
icon, enter Permission Sets, and then choose the related link.When you create new permission sets, you can use a copy function to quickly carry all the permissions of another permission set to a new permission set.
If a System permission set that you have copied is changed, you will be notified (depending on your selection), so that you can consider if the changes are relevant to copy or write into your user-defined permission set.
The new permission set, containing all the permissions of the copied permission set, is added as a new line on the Permission Sets page. Note that the lines are sorted alphabetically within each type.
This procedure explains how to add or edit permissions manually. You can also have a permission sets generated automatically from your actions in the UI. For more information, see To create or modify permission sets by recording your actions.
In each of the five access type fields, Read Permission, Insert Permission, Modify Permission, Delete Permission, and Execute Permission, you can select one of the following three permission options:
| Option | Description | Ranking |
|---|---|---|
| Yes | The user can perform the action on the object in question. | Highest |
| Indirect | The user can perform the action on the object in question but only through another related object that the user has full access to. | Second highest |
| Blank | The user cannot perform the action on the object in question. | Lowest |
You can assign an indirect permission to use an object only through another object. For example, a user can have permission to run codeunit 80, Sales-Post. The Sales-Post codeunit performs many tasks, including modifying table 37, Sales Line. When the user posts a sales document, the Sales-Post codeunit, Business Central checks if the user has permission to modify theSales Line table. If not, the codeunit cannot complete its tasks, and the user receives an error message. If so, the codeunit runs successfully.
However, the user does not need to have full access to the Sales Line table to run the codeunit. If the user has indirect permission for the Sales Line table, then the Sales-Post codeunit runs successfully. When a user has indirect permission, that user can only modify the Sales Line table by running the Sales-Post codeunit or another object that has permission to modify the Sales Line table. The user can only modify the Sales Line table when doing so from supported application areas. The user cannot run the feature inadvertently or maliciously by other methods.
For record-level security in Business Central , you use security filters to limit a user's access to data in a table. You create security filters on table data. A security filter describes a set of records in a table that a user has permission to access. You can specify, for example, that a user can only read the records that contain information about a particular customer. This means that the user cannot access the records that contain information about other customers. For more information, see Using Security Filters in Developer and IT-Pro help.
icon, enter Permission Sets, and then choose the related link.On the Permissions page, choose the Record Permissions action, and then choose the Start action.
This starts a recording process that captures all your action in the user interface.
When you edit a permission and thereby the related permission set, the changes will also apply to other users that have the permission set assigned.
You can assign permissions to users in two ways:
icon, enter Users, and then choose the related link.The following procedure explains how to assign permission sets to a user on the Permission Set by User page. The steps are similar on the Permission Set by User Group page.
icon, enter Users, and then choose the related link. icon, enter Users, and then choose the related link.Choose the Effective Permissions action.
The Permissions part lists all the database objects that the user has access to. You cannot edit this section.
The By Permission Set part shows the assigned permission sets through which the permissions are granted to the user, the source and type of the permission set, and to which extend the different access types are permitted.
For each row that you select in the Permissions section, the By Permission Set section shows which permission set or sets that the permission is granted through. In this section, you can edit the value in each of the five access type fields, Read Permission, Insert Permission, Modify Permission, Delete Permission, Execute Permission.
Only permission sets of type User-Defined can be edited.
Rows of source Entitlement originate from the subscription plan. The permission values of the entitlement overrule values in other permission sets if they have a higher ranking. A value in a non-entitlement permission set that has a higher ranking than the related value in the entitlement will be surrounded by brackets to indicate that it is not effective as it is overruled by the entitlement. For an explanation of ranking, see To create or edit permissions manually.
To edit a permission set, in the By Permission Set part, on the line for a relevant permission set of type User-Defined, choose one of the five access type fields and select a different value.
To edit individual permissions within the permission set, choose the value in the Permission Set field to open the Permissions page. Follow the steps described in To create or edit permissions.
When you edit a permission set, the changes will also apply to other users that have the permission set assigned.
Security and Protection in Business Central
Understanding Users, Profiles, and Role Centers
Getting Ready for Doing Business
Changing Which Features are Displayed
Administration
Add Users to Office 365 for business
Microsoft Dynamics 365 Business Central Licensing Guide
© 2019 Microsoft. All rights reserved.