Small and medium business | Business Central, N...

Permissions to limit edit access on dimension values from one dimension and read access to the rest

(5) Share

Report

Posted on by TL-02012316-0

I'm trying to configure Business Central SAAS to allow selected users to edit only one Dimension (e.g., Department) while keeping all other Dimensions view-only.

I currently have one permission set with three additional permission sets embedded into it:

Base Permission Set: Verified with the only users have no access to dimenions or dimension values tables
Read-Only Permission Set: This permission set gives read access to all users to dimension and dimension values tables
Permission Set (with Security Filter) to allow R/I/M/D on Dept Dimension Values:
- Read/Insert/Modify/Delete access on table 349
- Security filter applied on the Department dimension (Dimension Code = DEPT)

The result is that users can edit dimension values from all dimensions. It appears to ignore the security filter to allow editing on only the Dept dimension values.

Any suggestions on what I'm missing would be appreciated.

Categories:

Dynamics 365 Business Central

I have the same question (0)

All responses (3)

Answers (0)

Suggested answer

YUN ZHU 99,086 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

It appears that the other permission sets include the permissions you've disabled.
Try using Permission Exclusion.

More details: Dynamics 365 Business Central: Permission Exclusion (Exclude in Permission Set)

https://yzhums.com/30562/

Thanks.

ZHU

Was this reply helpful? Yes No
Suggested answer

OussamaSabbouh 12,965 Super User 2026 Season 1 on at

Like (2)

Report
Copy link

Link copied!

Hello ,

This isn’t a setup mistake, it’s a BC permission model limitation: permission sets are additive, and security filters don’t restrict write access if another permission set already grants access to the same table. Since users also have read access to Dimension Value (Table 349) without a filter, BC effectively ignores the filtered R/I/M/D set and allows editing all dimensions. You can’t achieve “edit only one dimension, read-only others” with permission sets alone; the practical solutions are to remove direct Dimension Value access and control changes via custom code/pages, or block changes using event subscribers unless Dimension Code = 'DEPT'. This has to be handled in code or process, not permissions.

Regards,
Oussama Sabbouh

Was this reply helpful? Yes No
Suggested answer

Dhiren Nagar 2,898 Super User 2026 Season 1 on at

Like (0)

Report
Copy link

Link copied!

Hi,

The issue is with the 2nd permission set, which is basically overriding your 3rd permission set.

So business central always reads the permission which is giving highest level of permission. Even if you use Exclude and that exclude is in different permission set it will override. Exclude only works when used in single permission set.

Regards,

Dhiren.

Was this reply helpful? Yes No