Dynamics 365 Business Central: Remove obsolete permissions from all permission sets

Dynamics 365 Business Central

Hi, Readers.
Today I would like to share another mini tip about Business Central, how to remove obsolete permissions from all permission sets.

A permission set is a collection of permissions for specific database objects. All users must be assigned one or more permission sets before they can access Business Central. A Business Central solution contains predefined permission sets that are added by Microsoft or by your solution provider. You can also add new permission sets tailored to meet the needs of your organization.

However, as the version is updated, we sometimes need to deprecate some tables, for example:

PS: For all elements, except for Tables and Table fields, setting ObsoleteState = Removed will throw Compiler Error AL0169 because after an appropriate warning state of Pending, these elements can be deleted.

The option value ‘Removed’ is not valid AL AL0169

At this time, if there are User-Defined Permission Sets containing these Objects, we must clean them up manually.

Is there an easy way to clean it up? This may be a huge workload, especially for companies with strict permission management. Yes, this is a standard feature.

On the Permission Sets page, choose the Remove Obsolete Permissions action.

Great.

2 obsolete permissions were removed.

However, please note that System Permission Sets cannot be edited. If your extension does not clean up these obsolete objects, using this operation will result in the following error.

The Permission table is read-only.

So please clean up these obsolete objects in your permission set, or regenerate the permission set in your extension.

Finally, it should be noted that this feature removes permissions from a permission set, not the permission set itself. For example, some previous versions had the following two permission sets. This function cannot remove the outdated ones.

PS: EXTEN. MGT. – ADMIN is not classified by Microsoft in the special permission sets.
But to install or uninstall extensions from AppSource or add per-tenant extensions, you must either be a member of the D365 Extension Mgt. user group, or you must have the EXTEN. MGT. – ADMIN permission set explicitly. (For older versions, you need to have D365 EXTENSION MGT permission set)

Great, give it a try!!!😁

More details: Remove obsolete permissions from all permission sets

END

Hope this will help.

Thanks for reading.

ZHU

コメント

Copied title and URL