Dynamics 365 Business Central: Check whether a user has a specific permission set assigned

Dynamics 365 Business Central

Hi, Readers.
Today I would like to talk briefly about how to check whether a user has a specific permission set assigned via AL.

A permission set is a collection of permissions for specific database objects. All users must be assigned one or more permission sets before they can access Business Central. A Business Central solution contains predefined permission sets that are added by Microsoft or by your solution provider. You can also add new permission sets tailored to meet the needs of your organization.

You can assign permissions sets to users in two ways:

  • From the User Card page by selecting permission sets to assign to the user.
  • From the Permission Set by User page by selecting users that a permission set is assigned to.

So can we easily check whether a user has a specific permission set assigned during customization? Of course, it’s not very difficult. Microsoft has prepared a method for us in codeunit 152 “User Permissions”.

procedure HasUserPermissionSetAssigned(UserSecurityId: Guid; Company: Text; RoleId: Code[20]; Scope: Option; AppId: Guid): Boolean: Checks whether a user has a specific permission set assigned.

Let’s take a brief look at the parameters inside.

UserSecurityId: The user’s security ID.
More details: User Security Id (SID) and User Id (Name)

Company: The company for which to check. (company name)

RoleId: The ID of the permission set.

Scope: The scope of the permission set. System (0) or tenant (1).

Generally, if it’s created from a project, such as a Permission Set object, or an XML file, it is System. If added from the Permission Set page, it is Tenant. More details: New command to generate or update AL permission set

AppId: The app ID of the permission set.

returns: True if the user has permission sets assigned.

Let me do a simple test: Check whether the current user has the LOGIN permission set.

Test video:

Very simple. Using this method you can check whether the user can use some specific functions by whether they have this permission set, rather than the permissions within the permission set. Sometimes this may be a little simpler than setting detailed permissions. Give it a try!!!😁

My test code:

pageextension 50113 CustomerCardExt extends "Customer Card"
    trigger OnOpenPage()
        UserPermission: Codeunit "User Permissions";
        if UserPermission.HasUserPermissionSetAssigned(UserSecurityId(), CompanyName, 'LOGIN', 0, '63ca2fa4-4f03-4f2b-a480-172fef340d3f') then
            Message('The current user has LOGIN permission set')
            Message('The current user does not have LOGIN permission set');

1. If you don’t use the standard method, you can also use table 2000000053 “Access Control” directly.
In codeunit 153 “User Permissions Impl.”:

table 2000000053 “Access Control”:

2. How to quickly check if the user has the SUPER permissions set via AL (Best practice)


Hope this will help.

Thanks for reading.



Copied title and URL