Today I would like to share a new standard permission set in Business Central 2022 wave 1 (BC20.x), LOGIN Permission Set (Minimal permission set for log-in).
This is the newly added permission set in BC20. But it was not mentioned in the release plan.
PS: In BC19.5
You can find the permissionset 161 LOGIN object in the System Application.
And its basic permission is the same as permissionset 151 “System App – Basic”.
But in the Base Application, there is an permission extension to this permission set.
So, when you look at the effective permissions in the Business Central, you will find that their permissions are not the same.
SYSTEM APP – BASIC:
Next, let’s try to assign this permission set to the user.
When the user tries to log in, it will show that they do not have permission to use Role Center.
In fact, the user has already logged in successfully, but does not have access to Role Center. The LOGIN permission set does not contain any Role Center pages.
For example, page 9022 “Business Manager Role Center”
As a test, I created a new Permission Set containing only the execute permission for the Business Manage Role Center page.
Assign it to the user.
The user can log in without any problem, but the permissions are still insufficient. We can ignore this error and operate Business Central, but because we only have Login-In permissions, we cannot process any transactions.
|LOGIN||Grants the minimum permissions to application and system objects that needed to sign in to Business Central. Use the permission set to allow users to sign in to Business Central without accidentally granting them permissions beyond those required by their tasks. By granting this permission set, the user will always be able to sign in.|
Note: This permission set does not grant access to a Role Center. It only allows the user to log in to Business Central.
Some info from Dynamics 365 Business Central Launch Event 2022 Release Wave 1:
At the end, we can easily use the Permissionset object to contain the LOGIN permission.
But I think the real value of this permission needs to wait for the following feature to be released.
Improve the administrator’s capabilities to create, customize, and manage permission sets to control user access to capabilities in Business Central.
The new permission system in Business Central that became generally available in 2021 release wave 1 allows developers to establish a hierarchy of permission sets, include sets inside other permission sets, and extend permission sets. In 2022 release wave 1, admin users can leverage these permission sets and group them based on a tenant’s needs, visualize which permission sets are included in a given set, include others, and finetune them as needed.
We also deliver a new capability to subtract permissions with a permission set scope in this release wave. This capability lets the admin specify that an object cannot be accessed, unless access is not granted by another permission set.https://docs.microsoft.com/en-us/dynamics365-release-plan/2022wave1/smb/dynamics365-business-central/permission-set-handling-enhancements
We can add permission sets to the permission set and we can set exclusions freely. This feature is expected to be released in June, and I will do a detailed test at that time. If you want to see the details of this feature right now, please join the Microsoft Dynamics 365 Business Central Launch Event 2022 wave 1. More details: Link
Hope this will help.