Hello All,
I have a client with a new user. That user is supposed to only be able to create, modify, post, and print sales orders, as well as create, modify, and post item journals.
I recorded new permission sets, doing each of the required tasks, as well as going to the role center; however, I have no access to these (ignore the dark mode).
The only way I'm able to get access to desired pages has been adding the D365 BASIC permission set, which allows many read abilities, and allows for the create/modify permissions for sales docs and item journals I created from recordings. Interesting that I have the create/modify functionality from the recordings, but not viewable page access. Anyway, I don't want the user to be able to see chart of accounts, customer list, customer card, etc.
An example of an issue is that I can't open the role center I want for this user, even though I have selected it while recording, switched into it, reloaded the page, etc. I've done everything to access it while recording, in a new pop out window and on the same screen. I still get this error without D365 BASIC.
What functionality is the permissions recording missing? Are there required permission sets I'm missing besides LOGIN?
Hi Jake
I had my own nightmares with permissions as well. I still do not know what the best way to set them up is and why sometimes they do not work. I wish Microsoft had some small pre-built permission sets such as SO processing, PO processing, etc.
I added the base permission and your permission to one user (as a quick test) and it seems like it is working for me. But I may not be testing what you are testing.
MahGah, that's correct, I tried it, but I'm also human and may have made a mistake along the way. Thanks for sending the zip file for sales order permissions. I'll take a look at it.
[quote user="MahGah"]Interesting. Have you tried to record one permission and only process sales order? Then see what is missing. I am sure you did it already but thought to check again.
Below is my sales order permission that works for my team.
[/quote]
Hi, you are correct. Generally, users need only minimal permissions.
But this is hard to manage in BC and partners need to try one by one and add manually the permissions where the error occurs. Partners also have to spend a lot of time verifying permission issues at each update.
So it's much easier to use exclusion methods, such as excluding some important tables in the standard permission set below.
Interesting. Have you tried to record one permission and only process sales order? Then see what is missing. I am sure you did it already but thought to check again.
Below is my sales order permission that works for my team.
MahGah,
Thanks for your reply. The end result you have is the same result that I was able to end up with, utilizing the base-application's permission set LOGIN and the few recordings I did. I was led to that exact page you ended with.
The problem is that, while my recordings and login permission set got me that far, I could not access the sales orders, even though I definitely processed them in multiple ways during recordings.
Hi
I have attached my minimum permission set to login here. You just need to add Role Page to it for each role. I hope this helps.
Thanks for your reply. For now, I think your recommendation to use exclusion is the best workaround; however, that still seems unnecessarily time consuming, no?
Thinking of this business case: A client wants a new user to be able to access and process Sales Orders - creating, modifying, posting, and printing - nothing more. No viewing of chart of accounts or literally any other page in BC. Is the quickest way to achieve that by using the D365 READ Permission Set, then retroactively excluding every page? I understand D365 READ is great for a lot of users, but if I have one user that I don't want to read any pages besides sales orders, it becomes a daunting task.
Wouldn't it make more sense, from a security standpoint, to give the user first login access, then give access to the pages I want them to use? Does Microsoft assume I want every new user to be able to read every page?
Have you checked the details in the recorded Permission Set?
I have the feeling that permissions are not fully recorded.
And, if some permissions are insufficient, you need to add them manually, because the programs running in the background may be different every time you open the page.
In addition, starting from BC21, Microsoft recommends using the following Permission Exclusion to manage permissions, because Microsoft may modify the standard permission set every time it is updated. Using this method can avoid the problem of insufficient permissions in the permission set created by yourself.
More details: https://yzhums.com/30562/
Hope this helps.
Thanks.
ZHU
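A sketch of the exclusion approach described in the reply above, applied to the pages the original poster wants hidden. This is an added example and not part of any post in the thread; the object IDs 50100/50101 and the set names are hypothetical, and whether the sales order and item journal tasks still work with these pages excluded has to be tested in the target environment.

```al
// Added example. IDs 50100/50101 and both set names are hypothetical.

// Holds only the permissions that should be taken away.
permissionset 50101 "SO HIDE PAGES"
{
    Caption = 'Pages hidden from the sales order user';
    Assignable = false; // only referenced from the set below, never assigned directly
    Permissions =
        page "Chart of Accounts" = X,
        page "Customer List" = X,
        page "Customer Card" = X;
}

// The set assigned to the user: the standard set minus the excluded pages.
permissionset 50100 "SO PROCESSING"
{
    Caption = 'Sales order processing';
    Assignable = true;
    // Standard set maintained by Microsoft, so changes made in updates are inherited.
    // Recorded sets for sales orders and item journals would be listed here as well.
    IncludedPermissionSets = "D365 BASIC";
    // Anything granted in the excluded set is removed from the result.
    ExcludedPermissionSets = "SO HIDE PAGES";
}
```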
Hello,
Per the initial post, I used the Record Permissions feature, but still came up short on quite a few things. I started with no permissions, except the login set. Then recorded many processes entering into the role center, changing the role center, creating, modifying, printing, and posting sales orders, etc. But after all the recordings, the user wasn't able to view the role center or any pages.
Hi, I suggest you use the Record Permissions feature.
More details: https://yzhums.com/10068/
Because in addition to the basic tables and pages displayed on the screen, there are also many FactBoxes, as well as codes linked to other external systems, which are difficult to find without trying them one by one.
Hope this helps as well.
Thanks.
ZHU