
How to disable user access to list companies in /api/v2.0/companies

Posted on by 31
Hello, I am trying to emulate a problem. I have set up an OAuth2 flow with Microsoft Dynamics 365; currently the flow is working and I am able to get, for example, a companies listing using the endpoint
 
GET https://api.businesscentral.dynamics.com/xxxxxxxxxxxxxxxx/api/v2.0/companies
 
Now I have a problem: some of my users are unable to query this endpoint, and I would like to create a user that is also unable to query this endpoint but is able to do all other operations under companies, e.g.
 
api/v2.0/companies(xxxxxxxxxxxxxxxxxxxxxxxxxx)/accounts,
 
 
I have basically removed all permissions except login for a test user so that I can produce an account that will not have permission to list companies. Yet I am still able to get a company listing instead of a 401 on that companies endpoint. Any idea, please, how that is possible? Clearly the permission set does not seem to provide me with a solution; see for example here, this user has only login permission.

  • Waed Ayyad
    9,039 Super User 2025 Season 2
    Moved to Business Central Forum.
  • Gerardo Rentería García
    25,367 Most Valuable Professional
    Hi
    You should check the Microsoft Entra application and see what you have configured. Can you do it?
    Best
    GR
  • Suggested answer
    Khushbu Rajvi.
    20,614 Super User 2025 Season 2
  • Suggested answer
    Nitin Verma
    21,708 Moderator
    In this case, the LOGIN permission set doesn’t explicitly block the /companies endpoint, and the OAuth token’s scope grants broad API access that overrides the expected restriction. Meaning, the /companies endpoint is a top-level resource in the BC Web Services API. It doesn’t directly map to a specific table or object in BC but rather serves as an entry point to enumerate available companies.
  • Suggested answer
    Teddy Herryanto (That NAV Guy)
    14,284 Super User 2025 Season 2
    I believe you are not looking at the right place.
     
    To access the API endpoint, you need OAuth2.
    The OAuth2 is not linked to the User Card.
     
    It is linked to the Microsoft Entra Applications.
     
    Here's a link to set up OAuth2.
     
  • Suggested answer
    YUN ZHU
    95,739 Super User 2025 Season 2
    Hi, hope the following helps as well.
    Using OAuth to connect Business Central APIs and Web Service in Postman
     
    Thanks.
    ZHU
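
The replies above point at the Microsoft Entra application and the OAuth token's scope rather than the User Card. As an added example (not code from any poster in the thread), this Python sketch decodes an access token's payload for inspection only, without verifying the signature, and reports whether it is a delegated or app-only token and which scopes or roles it carries. It relies on the standard Microsoft Entra claim names (`scp`, `roles`, `appid`/`azp`, `upn`); the sample tokens, GUID and user name are constructed.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def describe_token(token: str) -> dict:
    """Summarise which principal and permissions an Entra access token carries."""
    c = decode_claims(token)
    scopes = str(c.get("scp", "")).split()   # delegated permissions (user present)
    roles = list(c.get("roles", []))         # application permissions / app roles
    if scopes:
        kind, principal = "delegated", c.get("upn") or c.get("preferred_username")
    elif roles:
        kind, principal = "app-only", c.get("appid") or c.get("azp")
    else:
        kind, principal = "unknown", None
    return {"kind": kind, "principal": principal, "audience": c.get("aud"),
            "scopes": scopes, "roles": roles}


def _make_token(claims: dict) -> str:
    """Build an unsigned sample token; all values below are constructed."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(claims)}.constructed"


AUD = "https://api.businesscentral.dynamics.com"
SAMPLE_APP_TOKEN = _make_token({"aud": AUD, "roles": ["API.ReadWrite.All"],
                                "appid": "00000000-0000-0000-0000-000000000001"})
SAMPLE_USER_TOKEN = _make_token({"aud": AUD, "upn": "test.user@example.com",
                                 "scp": "Financials.ReadWrite.All user_impersonation"})

if __name__ == "__main__":
    for tok in (SAMPLE_APP_TOKEN, SAMPLE_USER_TOKEN):
        print(describe_token(tok))
```

If `kind` comes back as `app-only`, the principal is the application's client ID, not the test user whose permission sets were stripped.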
