In Dynamics 365 Business Central, permission sets play a crucial role in defining what actions users can perform and what data they can access. Assigning permissions should be done thoughtfully to maintain security and prevent unintended consequences. While you want to ensure your team has the ability to get the job done, you don’t want to give away the keys to the kingdom in the process.
Let’s talk about SUPER.
SUPER Permission Set
Definition: The SUPER permission set grants users the ability to read, use, update, and delete all data and application objects within the scope of their license.
Importance: Business Central requires that at least one user is assigned this permission set in each database. The first user created is automatically assigned the SUPER permission set.
Use Case: Running a synchronization of users from Microsoft 365 using the “Update Users from Microsoft 365” guide requires the SUPER permission set.
Assigning the SUPER Permission set in Business Central grants a user complete access to read, use, update, and delete all data and application objects within the scope of the license. This level of access is powerful and can lead to significant security risks, such as unauthorized data access. It’s crucial to limit this permission to trusted administrators since it allows for critical operations, including modifying system settings and user permissions. It’s advised to assign the SUPER Permission set sparingly and monitor its use closely to maintain system integrity and security.
But wait…there’s are underdog permission sets that no one sees coming…the D365 FULL ACCESS and D365 BUS FULL ACCESS. Let’s have a look.
D365 BUS FULL ACCESS Permission Set
Definition: The D365 BUS FULL ACCESS permission set provides comprehensive access to the entire Business Central application.
Scope: Users with the D365 BUS FULL ACCESS permission set can perform all actions and access all data within their license scope. It provides access to specific modules and features such as Company Edit, Banking, Cash Flow, Cost Accounting, Inventory Document Creation, Jobs Editing, Warehouse Editing, and more.
Considerations: While it offers extensive functionality, be cautious when assigning it to users. Only grant it to those who genuinely need unrestricted access.
Assigning the D365 BUS FULL ACCESS Permission set in Business Central grants extensive access across the system, which can pose significant security risks. This permission set essentially provides users with unrestricted access to all areas of the system, including sensitive financial data and the ability to modify system settings. Such broad permissions can lead to accidental or intentional misuse of the system, potentially resulting in data breaches or compliance issues.
D365 FULL ACCESS Permission Set
Definition: The D365 FULL ACCESS permission set typically refers to a broader level of access that encompasses all functionalities and features available in Microsoft Dynamics 365 applications, including Business Central.
Scope: Users with the D365 FULL ACCESS permission set are likely to have permissions not only for Business Central but also for other Dynamics 365 applications such as Dynamics 365 Sales, Marketing, Customer Service, and more.
Considerations: While it offers extensive functionality, be cautious when assigning it to users. Only grant it to those who genuinely need unrestricted access.
Giving a user D365 Full Access permissions can raise concerns due to the excessive power it grants to the user. This permission set provides unrestricted access to all areas of Dynamics 365 Business Central, which may lead to potential risks such as accidental data deletion, unauthorized changes, or exposure of sensitive information.
Remember to adhere to the principle of least privilege, ensuring users have only the access necessary to perform their job functions. Overly generous permissions can also complicate audits and make it difficult to track changes and responsibility within the system. Therefore, it’s advisable to carefully evaluate the necessity of assigning such comprehensive permissions and consider more granular permission sets tailored to the specific roles and responsibilities of users.
