Dynamics 365 Business Central: checking user permissions on specific objects

With the refactoring done in Dynamics 365 Business Central for better supporting the SaaS environment, is not quite easy to check if a user has a specific permission on a specific object.

Permission Range table is now a system table that cannot be used on a SaaS environment, License Permission table does not give you specific user permissions and using the ReadPermission and WritePermission methods (that can determine if a user has read and write permission on the object) is only available for table objects and often this is not enough if you have complex security checks to implement (for example if you want to test if your user has execute permissions on a specific codeunit).

To achieve that goal, you can now use the Effective Permissions Mgt. codeunit, that now has a method called PopulatePermissionRecordWithEffectivePermissionsForObject that permits you to populate a Permission record for a specific object and a specific user. This method has the following signature:

procedure PopulatePermissionRecordWithEffectivePermissionsForObject (var Permission: Record Permission, PassedUserID: Guid, PassedCompanyName: Text[50], PassedObjectType: Option, PassedObjectId: Integer)

To show how to use this method, here I’ve created a procedure that receives as input the object to check for permissions and then it retrieves the permissions for the specific user on this object. The code is as follows:

As you can see, the PopulatePermissionRecordWithEffectivePermissionsForObject receives the required parameters and populates the temporary Permission record that I’m passing. You can then check the newly created permission record as you need (here for example I’m checking for the Execute permission and if the user has no execute permission on the given object I can act as consequence.

To call the CheckUserPermission procedure above for a specific object (for example the 80 – Sales Post codeunit), you can just do the following:

That’s quite hidden I know… but now there’s a quick solution 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.