Dynamics 365 Business Central: What happens if users don’t have permission to read the table set in the TableRelation Property?

Dynamics 365 Business Central

Hi, Readers.
Last year we discussed What happens if users don’t have permission to read the table set in a FlowField? The absence of permissions does not affect the opening of the page, only the associated data cannot be displayed on the page.

I was asked a similar question recently, what happens if users don’t have permission to read the table set in the TableRelation Property? So in this post, I will do some simple tests.
TableRelation Property: Sets up a lookup into another table.
It lets you establish lookups into other tables. For example, on the Item card you can select a vendor from who you usually purchase an item.

This is done through a table relationship.

PS: The Vendor (23) table is used as an example throughout this test

I create a new permission set, then exclude permission of Vendor (23) Table Data.
PS: More details about Permission Exclusion (Exclude in Permission Set) and Difference between Table Data and Table in Permissions

Then assign this permission set to a test user.

Same as in Flowfield, when signing in to the system with the test user and opening Item Card page, you will find that the page opens, but the Vendor No. field is not displayed on the page.

The same goes for other pages, for example,
Purchase Order List (9307, List): Buy-from Vendor No.

Vendor Ledger Entries (29, List): Vendor No.

If you create a new Purchase Order, you will not see the fields of the Vendor table set in the TableRelation Property.

But there is a special situation here, when multiple tables are set in the TableRelation Property, the field is not automatically hidden because the user also has read permissions for other tables.
For example, “Account No.” in table 81 “Gen. Journal Line”

A permission error occurs when selecting Vendor No.

Sorry, the current permissions prevented the action. (TableData 23 Vendor Read: Base Application)
Page Select has to close.

If you exclude all tables set in the TableRelation Property, “Account No.” will be hidden.

Why is that? Same as Flowfield, I personally think this behavior is similar to AccessByPermission Property.

AccessByPermission Property: Sets a value for a table field or UI element that determines the permission mask for an object that a user must have to see and access the related page fields or UI element in the client. The UI element will be removed at runtime if the user does not have permissions to a certain object as specified in the AccessByPermission property.

All types of UI elements will be removed if they relate to an object to which the user does not have the required permissions:

  • Fields on pages, including FactBoxes
  • Actions on pages, including ToolBars and navigation panes
  • Page parts, such as Lines FastTabs

So this is also in line with the permission management, users can not access the data outside the permission settings, and the UI element (TableRelation) will be removed at runtime if the user does not have permissions, which also facilitates the developer for the management of the page UI.

However, if the code contains access codes for the Vendor table (Get, Findfirst, etc.), permission errors will also occur because the user does not have read permissions for the Vendor table. For example, trigger OnAfterGetCurrRecord() in page 50 “Purchase Order”

A permission error will also occur when opening an created Purchase Order.

Give it a try!!!😁

1. Dynamics 365 Business Central: How to enter any value in a TableRelation field (Without validating the table relationship)

2. Dynamics 365 Business Central: Can we extend TableRelation Property through a table extension??? (Yes, But…)

3. Dynamics 365 Business Central: The following field must be included into the table’s primary key: Field: xxxx Table: xxxx (Validation Results)


Hope this will help.

Thanks for reading.



Copied title and URL