web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Business Central Acces...
Small and medium business | Business Central, N...
Answered

Business Central Access and Permission

(7) ShareShare
ReportReport
Posted on by JG-03022254-0 153
I have created 1 security group in Azure AD active directly. This is now synced in Business Central. Do I need to create multiple security groups to give permission for example if I want to give permission to certain people on AP, AR and GL. Is this similar to user group. Please can you shed more light on the way we give \ manage permissions to users in BC now and how we can group users permission.
 
Thanks
Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    Jun Wang Profile Picture
    Jun Wang 8,200 Super User 2025 Season 2 on at
    I believe security groups is a relatively new feature in BC and don't think you have to do that. We normally create user groups and then assign permission sets to such groups. 
     
     
     
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 95,329 Super User 2025 Season 2 on at
    Hi, hope the following can give you some hints.
    Dynamics 365 Business Central: How to list all permissions (all users with permission sets or all permission sets with permissions…)
     
    Thanks.
    ZHU
  • Suggested answer
    Jainam M. Kothari Profile Picture
    Jainam M. Kothari 15,631 Super User 2025 Season 2 on at
    Hello,
     
    Azure AD (Microsoft Entra ID) security groups are used to manage user permissions efficiently by assigning permission sets to groups rather than individuals.
     
    If you want to give different access levels for roles like AP, AR, and GL, it's best to create separate security groups for each and assign relevant permissions.
     
    Unlike Business Central's user groups, which are mainly for organizing users, Azure AD security groups directly control access and simplify onboarding by automatically applying permissions when users are added to a group.
  • JG-03022254-0 Profile Picture
    JG-03022254-0 153 on at
    @YUN ZHU , thanks for the link, it's really helpful. However, this link didn't mention anything about security groups but user groups. Can I follow the same approach for security groups?
     
    @ Jun Wang, it is safe to say that I can use the User group? Thank you for your reply to the question.
     
    @Jainam M. Kothari thank you for clarifying the difference between the 2 groups
  • Suggested answer
    Jun Wang Profile Picture
    Jun Wang 8,200 Super User 2025 Season 2 on at
    Sure you could use user groups for your purpose.
  • Suggested answer
    Sumit Singh Profile Picture
    Sumit Singh 10,079 on at
    1. Azure AD Security Groups vs. Business Central User Groups
    Think of Azure AD security groups as your IT-managed way to group users based on their roles or departments—like AP, AR, or GL teams. These groups can be synced directly into Business Central, and you can assign permissions to them just like you would to individual users.
    On the other hand, User Groups in Business Central are more of an internal tool. They’re useful if you want to manage permissions within BC itself, without relying on Azure AD.
    Key difference:
    • Azure AD groups are managed by your IT team in Microsoft Entra (formerly Azure AD).
    • User Groups are managed by your BC admin inside the ERP.
    🧩 2. Should You Create Multiple Security Groups?
    Yes, and here’s why:
    If you want to give different teams access to different parts of the system—say, AP clerks should only see payables, AR users should manage receivables, and GL users should handle the chart of accounts—it’s best to create separate Azure AD security groups for each.
    For example:
    • BC_AP_Users
    • BC_AR_Users
    • BC_GL_Users
    This way, you can assign specific permission sets to each group in Business Central, and any user added to that group automatically inherits the right access.
    🛠️ 3. How to Set This Up in Business Central
    Here’s a high-level process:
    1. Create security groups in Azure AD for each role or department.
    2. Add users to the appropriate groups in Azure AD.
    3. In Business Central:
      • Go to Microsoft Entra ID Groups.
      • You’ll see the synced groups listed.
      • Assign the relevant permission sets to each group (e.g., D365 AP Clerk, D365 AR Manager, etc.).
    4. That’s it! When users log in, BC checks their group membership and applies the correct permissions.
     Best Practices
    • Avoid assigning permissions directly to users—use groups instead. It’s easier to manage and scale.
    • Use descriptive names for your security groups so it’s clear who they’re for.
    • Document your permission model—this helps with audits and onboarding.
    • Review group memberships regularly to ensure users still need the access they have.
    📌 Summary
    • Use Azure AD security groups to manage access centrally.
    • Create separate groups for different roles (AP, AR, GL, etc.).
    • Assign permission sets to those groups in Business Central.
    • This approach is scalable, secure, and aligns with Microsoft’s best practices.
    Note: This response was developed in collaboration with Microsoft Copilot to ensure clarity and completeness. I hope it proves helpful to others as well
  • Suggested answer
    Jeffrey Bulanadi Profile Picture
    Jeffrey Bulanadi 8,760 on at

    Hi,

    Great question , and yes, you're on the right track. BC now supports Azure AD security groups for managing user permissions, and they’re designed to replace traditional user groups in future releases.

    Let’s break it down:

     

    1. Do you need multiple security groups?
    Yes , if you want to assign different permission sets to users based on their roles (e.g., AP, AR, GL), it’s best to create separate Azure AD security groups for each functional area.

     

    Example:

     
    • BC_AP_Users → Assigned AP-related permission sets
    • BC_AR_Users → Assigned AR-related permission sets
    • BC_GL_Users → Assigned GL-related permission sets

    This gives you granular control and makes permission management scalable.

     

    2. How security groups differ from user groups
    Security groups are created in Azure AD or Microsoft 365 Admin Center, not inside BC. Once synced:

    • You link them to BC via the Security Groups page
    • Assign permission sets to the group
    • All members inherit those permissions automatically

    Unlike user groups, security groups are cross-platform and reusable across other Microsoft services.

     

    3. How to manage permissions effectively
    Here’s a recommended approach:

    • Create Azure AD security groups for each business role
    • Sync them into BC
    • Assign relevant permission sets to each group
    • Avoid assigning permissions directly to individual users , this becomes hard to maintain
    • Use the Security Group Members FactBox to review who has access to what

    You can also export/import security group setups or migrate existing user groups using the User Group Migration assisted setup.

     

    Helpful references:

    Manage user permissions using security groups – Microsoft Learn
    Create & manage Security Groups in D365 BC – Shubhfordynamics
    Mastering Permissions in BC – D365 Training


    If you find this helpful, feel free to mark this as the suggested or verified answer.


    Cheers
    Jeffrey

  • Suggested answer
    Mansi Soni Profile Picture
    Mansi Soni 8,907 Super User 2025 Season 2 on at
    Hello,

    In Business Central, Azure AD security groups work similarly to user groups and help manage permissions more efficiently. While it's not mandatory to create multiple groups, setting up separate security groups for roles is recommended for better control and clarity. Once these groups are synced to Business Central, you can assign the required permission sets to each group from the Microsoft Entra Groups page. Users will automatically inherit the permissions based on their group membership, making permission management more centralized, scalable, and role-based.

    Hope this answer will help you!

    Regards,
    Mansi Soni
  • Suggested answer
    Ahmad Subhani Profile Picture
    Ahmad Subhani 581 on at
    Hi,
     
    Simply create a user group in the System.
     
    Mark the Answer as Verified if this is Helpful.
     
  • Verified answer
    Sohail Ahmed Profile Picture
    Sohail Ahmed 11,136 Super User 2025 Season 2 on at
    Yes, you can use multiple Azure AD security groups and map them to different permission sets in Business Central. This works similarly to user groups but is managed through Azure AD. Assign the right permission sets to each group in BC, and then users will get access based on their group membership.
     
    Mark this as the verified answer if helpful. ✅
     
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 3,143

#2
Jainam M. Kothari Profile Picture

Jainam M. Kothari 1,694 Super User 2025 Season 2

#3
YUN ZHU Profile Picture

YUN ZHU 1,067 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans