Permission Set Object

APPLIES TO: Business Central 2021 release wave 1 (v18.0) and later

The permission set object in Business Central describes permissions on objects. Permission sets are building blocks used to compose assignable permission sets and entitlements. Assignable permission sets are permissions that an admin can assign to users in Business Central, using the Permission Sets page. An entitlement is a collection of permission sets that constitute a set of meaningful permissions for a user.

Some permission sets can be non-assignable, meaning that they are not discoverable and assignable in the UI in Business Central, instead they can be used as building blocks to compose functional assignable permission sets.

For information about which permissions can be assigned to objects, see Permissions on Database Objects.

Designing with cautiousness

If a permission set is extended through AL, that extension will make additive changes to the permission set. This means that an extension can provide elevated privileges to an otherwise limited set of permissions. Building permission sets that can be extended must be done carefully with this in mind.

Snippet support

Typing the shortcut tpermissionset will create the basic layout for a permission set object when using the AL Language extension in Visual Studio Code.

Tip

Use Ctrl+Space to trigger IntelliSense and get assistance on code completion, parameter info, quick info, and member lists.

Permission set example

The following example illustrates a permission set Sales Person with permissions given to data in tables, each with different level of access. The Assignable property is set to true which allows the permission set to be assigned to a user. The Permissions property is set to the list of objects to give permissions to. The RIMD access assigned to data in the Customer table provides full access, whereas, for example, access is limited for data in the Currency table only allowing full read and modify permission.

permissionset 50134 "Sales Person"
{
    Assignable = true;
    Caption = 'Sales Person';

    Permissions = 
        tabledata Customer = RIMD,
        tabledata "Payment Terms" = RMD,
        tabledata Currency = RM,
        tabledata "Sales Header" = RIM,
        tabledata "Sales Line" = RIMD;
}

The following example of a permission set illustrates assigned permissions to run codeunits. With the IncludedPermissionSets property, we specify that the permission set Sales Person is also included in MyPermissionSet.

permissionset 50130 MyPermissionSet 
{ 
    Assignable = true;
    Caption = 'My PermissionSet';
    IncludedPermissionSets = "Sales Person"; 

    Permissions = 
        codeunit SomeCode = x, 
        tabledata Vendor = RIm,
        codeunit AccSchedManagement= X; 
} 

See Also

Developing Extensions
AL Development Environment
Entitlements and Permission Set Overview
Permission Set Extension Object
Permissions on Database Objects
Assignable Property
IncludedPermissionSets
Permissions Property