With the refactoring done in Dynamics 365 Business Central for better supporting the SaaS environment, is not quite easy to check if a user has a specific permission on a specific object.
Permission Range table is now a system table that cannot be used on a SaaS environment, License Permission table does not give you specific user permissions and using the ReadPermission and WritePermission methods (that can determine if a user has read and write permission on the object) is only available for table objects and often this is not enough if you have complex security checks to implement (for example if you want to test if your user has execute permissions on a specific codeunit).
To achieve that goal, you can now use the Effective Permissions Mgt. codeunit, that now has a method called PopulatePermissionRecordWithEffectivePermissionsForObject that permits you to populate a Permission record for a specific object and a specific user. This method has the following signature:
procedure PopulatePermissionRecordWithEffectivePermissionsForObject (var Permission: Record Permission, PassedUserID: Guid, PassedCompanyName: Text, PassedObjectType: Option, PassedObjectId: Integer)
To show how to use this method, here I’ve created a procedure that receives as input the object to check for permissions and then it retrieves the permissions for the specific user on this object. The code is as follows:
As you can see, the PopulatePermissionRecordWithEffectivePermissionsForObject receives the required parameters and populates the temporary Permission record that I’m passing. You can then check the newly created permission record as you need (here for example I’m checking for the Execute permission and if the user has no execute permission on the given object I can act as consequence.
To call the CheckUserPermission procedure above for a specific object (for example the 80 – Sales Post codeunit), you can just do the following:
That’s quite hidden I know… but now there’s a quick solution 🙂