Permission Set for Sales Order

(9) Share

Report

Posted on by Mansi Soni

8,951 Super User 2026 Season 1

Hello Professionals,

I hope you're all doing well.

Today, I encountered a scenario in Business Central where I need to define a permission structure for Sales Orders as follows: A user should be able to create and modify only the Sales Orders they have created. The same user should have read-only access to Sales Orders created by others and should not be able to modify or delete them.

I would appreciate your guidance on whether this requirement can be achieved using standard Business Central functionality, or if it would require a minor customization.

Looking forward to your suggestions and best practices.

Thank you in advance!

Best Regards,
Mansi Soni

Categories:

Dynamics 365 Business Central

Microsoft Dynamics NAV

I have the same question (0)

All responses (6)

Answers (4)

Verified answer

DAnny3211 11,417 Super User 2026 Season 1 on at

Like (5)

Report
Copy link

Link copied!

Hi Mansi,

This is a great use case, and while standard Business Central permissions offer some flexibility, your requirement goes slightly beyond what can be achieved out-of-the-box and would likely require a minor customization. Here's a breakdown:

Standard Permissions
You can restrict access to the Sales Order table (36) using permission sets. However, standard permissions do not support record-level security, meaning you can't conditionally allow editing based on who created the record.

Recommended Customization
To meet your requirement, you can implement a custom check using AL code:

Extend the Sales Header table to store the Created By user ID (if not already tracked).
In the OnModify and OnDelete triggers (or via event subscribers), add logic like:

if Rec."Created By" <> UserId then

Error('You can only modify or delete Sales Orders you created.');

Optionally, use page extensions to disable actions or fields for records not created by the current user.
Alternative Approach
If you prefer not to customize, you could:

Allow all users to create and edit.
Use workflow approvals to lock records after submission.
Filter views or use custom pages to limit visibility.
Let me know if you’d like help drafting the AL logic or designing the structure.

Best regards,
Daniele

Was this reply helpful? Yes No
Verified answer

Sohail Ahmed 11,169 Super User 2026 Season 1 on at

Like (6)

Report
Copy link

Link copied!

Hi Mansi,

This is a common requirement, but unfortunately, standard permission sets in Business Central don’t support record-level security out of the box meaning you can't restrict users from editing Sales Orders based on who created them using only permissions.

To achieve this, you’ll need a minor customization, typically by:

Adding a field like "Created By" on the Sales Header.

Using an event subscriber (e.g., OnModifyRecord) to block updates or deletions if the current user is not the creator.

Optionally, hide action buttons (like Delete) through page customization for non-owners.

Let me know if you'd like a code snippet or example to get started.

✅ Mark this answer as verified if it helps you.

Was this reply helpful? Yes No
Verified answer

Jeffrey Bulanadi 9,112 Super User 2026 Season 1 on at

Like (5)

Report
Copy link

Link copied!
Hi Mansi,

One that surfaces a key limitation in standard permission sets: they don’t support record-level conditions like “only modify your own records.” So yes, this would require a minor AL customization.

Here’s a modular approach you can take:

AL-Based Record Ownership Enforcement

Extend the Sales Header table

Add a Created By field (if not already present) to store the UserId of the creator.

Auto-populate on insert

Use an event subscriber or OnInsert trigger to set Created By := UserId.

Restrict modification and deletion

In OnModify and OnDelete triggers (or via event subscribers), add logic like:

Optional: Page-level UI restrictions

Use page extensions to disable actions (e.g., Delete, Edit) or make fields non-editable for records not owned by the current user.

Alternative (No Customization)

If you want to avoid AL code:

Allow all users to create/edit.

Use workflow approvals to lock records after submission.

Use filtered views or custom list pages to limit visibility.

But this won’t prevent edits — it just discourages them.

Helpful References
Understanding Permission Sets in BC
User Permissions and Security
Sales Order Agent Setup

If you find this helpful, feel free to mark this as the suggested or verified answer.

Cheers
Jeffrey

Was this reply helpful? Yes No
Verified answer

Andrés Arias 5,166 Super User 2026 Season 1 on at

Like (4)

Report
Copy link

Link copied!

Hello Mansi,

It could be partially covered, you could use the Security Filters option to cover user created sales orders. Unfortunately you could not use it to manage reading or editing the other documents.

My recommendation, would be to use a small development to cover the need.

I hope I can help.

Regards,

Andres

Was this reply helpful? Yes No
Gerardo Rentería Ga... 25,555 Most Valuable Professional on at

Like (3)

Report
Copy link

Link copied!

Hi, good day
I hope this can help you, and give you some hints.

Dynamics 365 Business Central: Using Security Filters and SecurityFiltering Property | Dynamics 365 Lab

Hide Confidential Records with Security in Business Central - Sharing The Righter Way - Cynthiapriebe.com

Best Regards
Gerardo

Was this reply helpful? Yes No
Suggested answer

YUN ZHU 99,086 Super User 2026 Season 1 on at

Like (2)

Report
Copy link

Link copied!

As far as I know, customization is more convenient.
This is the same as locking a personal batch name. And you can use the Data audit fields to determine the user's permissions.

https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-table-system-fields#audit

Thanks

ZHU

Was this reply helpful? Yes No