Minimal permission set / best practice?


Hello,
Business Central v16 / SaaS.

I have a new BC user/employee who has a full Business Central - Essential license.
I need to give the user rights to do only one thing: manage Customers with their data (name, address etc.).
This user should not see any other tables/data (like general ledger, purchasing etc.)

If I start with my new custom permission set "Customer data manager" and add a few required tables, this user cannot log in, since some dependencies on system tables are also needed.

What default permission set should be used as a start / copy, and then remove other "not needed" tables?
What is best practice for such a scenario?
Please without 3rd party software.

  • Suggested answer
    Renato Fajdiga

    Hi Hrvoje,

    for your case, I will start with D365 Basic and D365 Customer, Edit permission sets and then manually add/remove permissions where I get an error.  

    Also, take into consideration that if you have some ISV/Partner customization you should also then include those objects if they are used in editing customers.

    Best regards,

    Renato

  • Hrvoje Kusulja

    Thank you for the info. The thing is, if I do the copy of D365 Basic, there are simply too many rows/permissions/tables to remove from it (since it includes a lot of permissions). Any other suggestion?

  • Suggested answer
    Renato Fajdiga

    But you can export your permission set (which is a copy of D365 Basic) to XML, open it in Excel, manipulate the permissions in Excel, export that Excel to XML and upload the modified XML to your permission set (www.fajdiga.info/.../).

  • Hrvoje Kusulja

    Thank you, I am aware of the export/import XML option for permission sets.

    However, the main issue still persists: which tables do we need to leave and which to remove?

    It would be much easier if someone had created a basic/minimal XML permission set which grants minimal permissions for accessing the BC web interface. And then we could easily add our needed tables, like "customers" (and others, if needed) etc.

  • Suggested answer
    Renato Fajdiga

    Hi,

    But what are the minimal permissions for accessing BC? It really depends already on the first step, when you access the role center (profile), which permissions are used. For example, if you are using the Production role center, maybe the marketing setup permission is not needed at all, and you will not get an error that it is missing, but someone who works with the Order Processor role with the same minimal permission set will get the error. That is why I suggest you use D365 Basic, which covers the most basic activities, and then modify that D365 Basic to your needs (editing customers only) and remove the permissions which you don't need.

    Also, you can try to create your own permission set using the permission recording tool on Permission Sets, which will then generate permissions based on what you access in the system; after that, you will just need to manually enter some system objects for which you get an error.

    Best regards,

    Renato.

  • Ola Darwish

    Hi Renato,

    I tried the suggested permission recording tool. I go to Permission Sets, create a new set, then click on Permissions and click Start. Then I try to simulate the actions of the user, and when I go back to the Permissions screen, the recording is no longer on and nothing has been populated in the Permissions screen.

    Do you mind sharing the exact steps on how to record permissions in Business Central?

    Thanks

    Ola

  • Ola Darwish

    Sorry Renato, as soon as I hit submit on my reply I found the answer to my question. The part that I was missing is that when I open Permissions I need to open it in another window, so it stays open, records my actions and builds the permissions needed. That worked perfectly. Thanks for the recording suggestion.

    Ola

  • Sara K

    Hi Renato,

    Is it possible to make a recording for another user - just to record all his steps, including login?

    Or can we somehow find out which tables are necessary for login?

    There are so many tables in basic permission sets, it would take too much time to add or remove one by one.

  • Verified answer
    Renato Fajdiga

    Hi,

    As far as I know, there is no possibility to record permissions for another user.

    Regarding the minimal permission set which your user needs for login, it really depends on what you are using for RTC. For example, I created a copy of D365 Basic and successfully logged in with only these tables.

    Object Type Object ID Object Name Read Permission Insert Permission Modify Permission Delete Permission Execute Permission
    Table Data 79 Company Information Yes
    Table Data 98 General Ledger Setup Yes
    Table Data 9008 User Login Yes Yes Yes Yes
    Table Data 2000000001 Object Yes Indirect Indirect Indirect
    Table Data 2000000004 Permission Set Yes
    Table Data 2000000005 Permission Yes
    Table Data 2000000006 Company Yes
    Table Data 2000000007 Date Yes Indirect Indirect Indirect
    Table Data 2000000009 Session Yes Indirect Indirect Indirect
    Table Data 2000000020 Drive Yes Indirect Indirect Indirect
    Table Data 2000000022 File Yes Indirect Indirect Indirect
    Table Data 2000000026 Integer Yes Indirect Indirect Indirect
    Table Data 2000000028 Table Information Yes Indirect Indirect Indirect
    Table Data 2000000029 System Object Yes Indirect Indirect Indirect
    Table Data 2000000038 AllObj Yes Indirect Indirect Indirect
    Table Data 2000000040 License Information Yes Indirect Indirect Indirect
    Table Data 2000000041 Field Yes Indirect Indirect Indirect
    Table Data 2000000043 License Permission Yes Indirect Indirect Indirect
    Table Data 2000000044 Permission Range Yes Indirect Indirect Indirect
    Table Data 2000000045 Windows Language Yes Indirect Indirect Indirect
    Table Data 2000000049 Code Coverage Yes Indirect Indirect Indirect
    Table Data 2000000053 Access Control Yes Indirect Indirect Indirect
    Table Data 2000000055 SID - Account ID Yes Indirect Indirect Indirect
    Table Data 2000000058 AllObjWithCaption Yes Indirect Indirect Indirect
    Table Data 2000000063 Key Yes Indirect Indirect Indirect
    Table Data 2000000065 Send-To Program Yes Yes Yes Yes
    Table Data 2000000066 Style Sheet Yes Yes Yes Yes
    Table Data 2000000068 Record Link Yes Yes Yes Yes
    Table Data 2000000069 Add-in Yes Indirect Indirect Indirect
    Table Data 2000000071 Object Metadata Yes Indirect Indirect Indirect
    Table Data 2000000072 Profile Yes
    Table Data 2000000073 User Personalization Yes Yes Yes Yes
    Table Data 2000000074 Profile Metadata Yes Indirect Indirect Indirect
    Table Data 2000000075 User Metadata Yes Yes Yes Yes
    Table Data 2000000076 Web Service Yes Yes Yes Yes
    Table Data 2000000078 Chart Yes Indirect Indirect Indirect
    Table Data 2000000080 Page Data Personalization Yes Yes Yes Yes
    Table Data 2000000081 Upgrade Blob Storage Yes Indirect Indirect Indirect
    Table Data 2000000082 Report Layout Yes Indirect Indirect Indirect
    Table Data 2000000083 Tenant Profile Setting Yes
    Table Data 2000000084 Tenant Profile Extension Yes
    Table Data 2000000086 Profile Configuration Symbols Yes
    Table Data 2000000110 Active Session Yes Indirect Indirect Indirect
    Table Data 2000000111 Session Event Yes Indirect Indirect Indirect
    Table Data 2000000112 Server Instance Yes Indirect Indirect Indirect
    Table Data 2000000114 Document Service Yes Indirect Indirect Indirect
    Table Data 2000000120 User Yes Yes
    Table Data 2000000121 User Property Yes Indirect Indirect Indirect
    Table Data 2000000130 Device Yes Indirect Indirect Indirect
    Table Data 2000000135 Table Synch. Setup Yes Indirect Indirect Indirect
    Table Data 2000000136 Table Metadata Yes Indirect Indirect Indirect
    Table Data 2000000137 CodeUnit Metadata Yes Indirect Indirect Indirect
    Table Data 2000000138 Page Metadata Yes Indirect Indirect Indirect
    Table Data 2000000139 Report Metadata Yes Indirect Indirect Indirect
    Table Data 2000000140 Event Subscription Yes Indirect Indirect Indirect
    Table Data 2000000144 Power BI Blob Yes
    Table Data 2000000145 Power BI Default Selection Yes
    Table Data 2000000146 Intelligent Cloud Yes Indirect Indirect Indirect
    Table Data 2000000154 Database Locks Yes
    Table Data 2000000159 Data Sensitivity Yes
    Table Data 2000000164 Time Zone Yes Indirect Indirect Indirect
    Table Data 2000000165 Tenant Permission Set Yes Yes Yes Yes
    Table Data 2000000166 Tenant Permission Yes Yes Yes Yes
    Table Data 2000000167 Aggregate Permission Set Yes Indirect Indirect Indirect
    Table Data 2000000168 Tenant Web Service Yes Yes Yes Yes
    Table Data 2000000170 Configuration Package File Yes Indirect Indirect Indirect
    Table Data 2000000173 Intelligent Cloud Status Yes Indirect Indirect Indirect
    Table Data 2000000175 Scheduled Task Yes Indirect Indirect Indirect
    Table Data 2000000177 Tenant Profile Yes
    Table Data 2000000178 All Profile Yes
    Table Data 2000000179 OData Edm Type Yes Indirect Indirect Indirect
    Table Data 2000000180 Media Set Yes Indirect Indirect Indirect
    Table Data 2000000181 Media Yes Indirect Indirect Indirect
    Table Data 2000000182 Media Resources Yes Indirect Indirect Indirect
    Table Data 2000000183 Tenant Media Set Yes Indirect Indirect Indirect
    Table Data 2000000184 Tenant Media Yes Indirect Indirect Indirect
    Table Data 2000000185 Tenant Media Thumbnails Yes Indirect Indirect Indirect
    Table Data 2000000186 Profile Page Metadata Yes Indirect Indirect Indirect
    Table Data 2000000187 Tenant Profile Page Metadata Yes Indirect Indirect Indirect
    Table Data 2000000188 User Page Metadata Yes Indirect Indirect Indirect
    Table Data 2000000189 Tenant License State Yes
    Table Data 2000000190 Entitlement Set Yes Indirect Indirect Indirect
    Table Data 2000000191 Entitlement Yes Indirect Indirect Indirect
    Table Data 2000000194 Webhook Notification Yes Indirect Indirect Indirect
    Table Data 2000000195 Membership Entitlement Yes Indirect Indirect Indirect
    Table Data 2000000196 Object Options Yes Indirect Indirect Indirect
    Table Data 2000000197 Token Cache Yes Indirect Indirect Indirect
    Table Data 2000000198 Page Documentation Yes
    Table Data 2000000201 NAV App Setting Yes Yes Yes Yes
    Table Data 2000000211 Feature Key Yes
    Table 0 All objects of type Table Yes
    Report 0 All objects of type Report Yes
    Codeunit 0 All objects of type Codeunit Yes
    XMLport 0 All objects of type XMLport Yes
    MenuSuite 0 All objects of type MenuSuite Yes
    Page 0 All objects of type Page Yes
    Query 0 All objects of type Query Yes

    Br,

    Renato

  • Verified answer
    Sara K

    Thank you for the quick reply. This list is really good, I only needed to add another three tables and I was able to log in with a user who had the team member or sales role assigned. All I needed was a successful login, and after that it's pretty easy to add or record the necessary tables.

    In case someone else needs them, here are the tables I added:

    Object Type Object ID Object Name Read Permission Insert Permission Modify Permission Delete Permission
    Table Data 1270 OCR Service Setup Yes
    Table Data 1309 O365 Getting Started Yes
    Table Data 9178 Application Area Setup Yes

    Thank you for your help!
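
The pruning approach from this thread (copy D365 Basic, keep the login system tables, add the Customer table, then check against what the recorder saw), as an added example that is not code from any poster or from Microsoft. It assumes the exported permission set was first converted to a CSV with the column headings of the tables above; the CSV layout, the sample rows and all function names are constructed for illustration.

```python
import csv
import io
# Constructed sample rows in the column layout of the tables posted above.
# Assumption: this CSV is a conversion of the export, not BC's own XML format.
SAMPLE_CSV = """ObjectType,ObjectID,ObjectName,Read,Insert,Modify,Delete,Execute
Table Data,17,G/L Entry,Yes,,,,
Table Data,18,Customer,Yes,Yes,Yes,Yes,
Table Data,23,Vendor,Yes,Yes,Yes,Yes,
Table Data,79,Company Information,Yes,,,,
Table Data,9008,User Login,Yes,Yes,Yes,Yes,
Table Data,2000000073,User Personalization,Yes,Yes,Yes,Yes,
Table Data,2000000165,Tenant Permission Set,Yes,Yes,Yes,Yes,
Page,0,All objects of type Page,,,,,Yes
"""
SYSTEM_IDS = {79, 9008, 2000000073, 2000000165}  # subset of the login list above
BUSINESS_IDS = {18}                              # Customer
WRITE_COLS = ("Insert", "Modify", "Delete")

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def prune(rows, system_ids, business_ids):
    """Split rows into (keep, drop): non-table rows, system and business tables stay."""
    keep, drop = [], []
    for r in rows:
        wanted = (r["ObjectType"] != "Table Data"
                  or int(r["ObjectID"]) in system_ids | business_ids)
        (keep if wanted else drop).append(r)
    return keep, drop

def direct_writes(rows, business_ids):
    """Kept table rows granting direct ('Yes') write outside the business tables."""
    found = []
    for r in rows:
        if r["ObjectType"] == "Table Data" and int(r["ObjectID"]) not in business_ids:
            cols = [c for c in WRITE_COLS if r[c] == "Yes"]
            if cols:
                found.append((int(r["ObjectID"]), r["ObjectName"], cols))
    return found

def missing(recorded_ids, kept):
    """Table IDs seen by the permission recorder that the pruned set lacks."""
    have = {int(r["ObjectID"]) for r in kept if r["ObjectType"] == "Table Data"}
    return sorted(set(recorded_ids) - have)

if __name__ == "__main__":
    keep, drop = prune(load(SAMPLE_CSV), SYSTEM_IDS, BUSINESS_IDS)
    print([r["ObjectName"] for r in drop], direct_writes(keep, BUSINESS_IDS),
          missing([18, 79, 1270], keep))
```

Rows returned by `direct_writes` are the ones to look at by hand before assigning the set, since they grant insert, modify or delete on tables the user's task does not name.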
