Dynamics 365 Business Central: New ExcludedPermissionSets Property in permission set objects

Dynamics 365 Business Central

Hi, Readers.
In Dynamics 365 Business Central 2021 release wave 1 (BC18), Microsoft released new AL objects – Entitlement, PermissionSet, and PermissionSetExtension.
And announced that Permissions defined as data feature will be Removed with Business Central 2022 release wave 1. For more information, see Entitlements and Permissions Overview, and Entitlement, PermissionSet, and PermissionSetExtension (New AL objects)

And in this wave, Business Central 2022 wave 2 (BC21), Microsoft has finally added a new command to generate or update AL permission set. From now on, whether it is PTE or AppSource Extension, permissions should be managed in the permission set object.

Finally Permission Exclusion (Exclude in Permission Set) is released.😁🎉👏🎊

With the update of the Permission Exclusion feature, a new property ExcludedPermissionSets was added to permission set objects, allowing the definition of excluded permission sets in extensions. See more here: ExcludedPermissionSets

ExcludedPermissionSets Property: Sets the lists of other permission sets that are excluded in this permission set.

Applies to: Permission Set

Syntax: ExcludedPermissionSets = BASIC;

Remark: You can also include permission sets by using the IncludedPermissionSets. For more information, see Composing Permission Sets.

Let’s see a simple example.

Create a new permission set object, add IncludedPermissionSets, ExcludedPermissionSets and Permissions properties.

Source Code:

permissionset 50100 "ZY D365 BASIC"
    Access = Public;
    Assignable = true;
    Caption = 'Dynamics 365 Basic access';

    IncludedPermissionSets = "LOGIN",
                             "Session - Edit";
    ExcludedPermissionSets = "Service Contract - Edit",
                             "D365 BASIC";

    Permissions = tabledata "Add-in" = imd,
                  tabledata "Aggregate Permission Set" = Rimd,
                  tabledata AllObj = imd,
                  tabledata AllObjWithCaption = Rimd,
                  tabledata "Code Coverage" = Rimd,
                  tabledata "CodeUnit Metadata" = imd,
                  tabledata Date = imd,
                  tabledata "Deposits Page Setup" = R,
                  page "Customer List" = X,
                  codeunit "Sales-Post" = X,
                  table * = X,
                  report * = X,
                  xmlport * = X,
                  query * = X;

When published to the environment, you can find it in Permission Sets page.

Details of permissions:

Simple as shown below.

‘ExcludedPermissionSets’ is not available in runtime version ‘9.0’. The supported runtime versions are: ‘10.0’ or greater.

Microsoft did not add the ability to exclude permissions, because whether you exclude individual permissions, or you exclude a permission set that contains those permissions you end up with exactly the same result. So Microsft have decided to only have the excluded permission sets for now. (This is mentioned in Business Central 2022 release wave 2 Launch Event)

More Information from Business Central Launch Event (2022 release wave 2) 


Hope this will help.

Thanks for reading.



Copied title and URL