I saw an interesting question in Dynamics 365 Forum the other day, what happens if users don’t have permission to read the table set in a FlowField? Will BC prompt an error? Or do not display the calculation result?
In this blog, I would like to talk briefly about this topic.
As you might know, FlowFields display the result of the calculation described in the CalcFormula Property. For example, the “Net Change” field in the G/L Account (15) table shows the balance of the account and is calculated as the sum of the Amount fields for all General Ledger entries (G/L Entry (17)) in the account.
So what happens when the user opens the Chart of Accounts page if the user does not have permission to read G/L Entry (17) table?
First of all, Microsoft has the following document in MS Learn (Docs).
In Business Central, a table can contain a FlowField, which generates sums based on values that are stored in another table. When using a FlowField, a user must have permission to read both tables or they will not be allowed to read the first table.https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-considerations
Is this correct? Let’s do a test.
Create a new permission set, then exclude permission of G/L Entry (17) Table Data.
PS: More details about Permission Exclusion (Exclude in Permission Set) and Difference between Table Data and Table in Permissions
Then assign this permission set to a test user.
When signing in to the system with the test user and opening Chart of Accounts page, you will find that the page opens, but the FlowField is not displayed on the page.
So actually the absence of permissions does not affect the opening of the first page, only the associated data cannot be displayed on the page. The description in MS Learn (Docs) is slightly problematic.
Just in case, let’s look at one more example.
This time I use a new custom field, FlowField type is lookup. Display the vendor name with the same No. as the customer in the Customer List and Card page.
Of course, users who have access to data in the Vendor table can view this data.
As with the test above, if we exclude the permission, the field will be automatically removed from the page.
Why is that? I personally think this behavior is similar to AccessByPermission Property.
AccessByPermission Property: Sets a value for a table field or UI element that determines the permission mask for an object that a user must have to see and access the related page fields or UI element in the client. The UI element will be removed at runtime if the user does not have permissions to a certain object as specified in the AccessByPermission property.
All types of UI elements will be removed if they relate to an object to which the user does not have the required permissions:
- Fields on pages, including FactBoxes
- Actions on pages, including ToolBars and navigation panes
- Page parts, such as Lines FastTabs
So this is also in line with the permission management, users can not access the data outside the permission settings, and the UI element (FlowField) will be removed at runtime if the user does not have permissions, which also facilitates the developer for the management of the page UI.
Give it a try!!!😁 If you have different or more ideas, welcome to contact me.
2. You only need Indirect Read Permission of the Table Data to display FlowField.
3. Add a test for Record.CalcFields() Method: Calculates the FlowFields in a record.
If the user does not have permission to read Vendor table, the following error will be prompted when running Record.CalcFields() Method.
Sorry, the current permissions prevented the action. (TableData Vendor Read: ZY Test Extension)
Adding Indirect Read Permission of the Table Data will solve this problem.
Hope this will help.
Thanks for your reading.