User Permissions Explained

Permissions are integral to Business Central. They are customisable in order to allow particular users to perform specific duties. It’s the role of the administrator to set these, whether that be recently after an implementation or perhaps just amending or adding a specific individual at a later date. The factors the to consider here include ‘what user fits what role?’ ‘what role gets which particular permissions?’ and ‘are these permissions exclusive to all companies or specific ones’? Once you have established what it is you are trying to achieve, let’s delve into how it all works.

Areas of permissions that need consideration

There are 3 main areas to consider when establishing permissions. These are:

  • Users
  • Permission sets
  • User groups


Let’s start with ‘users’. Every account on the system will be a user and so therefore will be formattable to specific permission requirements. In order to make a new user, type ‘users’ in the search bar and click on the option under the ‘pages and tasks’ category. From here, you can click ‘new’ to make a new one. Alternatively, where you are taking them from another system, click the ‘process’ option and select ‘get users from Office 365’, which will allow you to import all those users with a license from relevant Microsoft products.

‘Users’ relate to the individuals with Microsoft licenses who will use the system. ‘Permission sets’ are the collections of permissions put together to form a package that can be applied to users. ‘User groups’ are collections of users that can have permission sets applied to them. They could be grouped due to their role within the business or perhaps for other reasons, such as providing several users with particular permissions for testing.

User groups

Once we have the users who we want to sort, we can then manage the grouping. Reaching the ‘user groups’ page will give us insights into what permission sets include which members. On the column on the right-hand side we can see the profile which has been granted these particular permission sets. The ‘user by user group’ option gives a table with tick boxes that simply lets you tick for each user what group they belong to.

You can add users to a user group and have permission sets attached to them. If you wanted to check what the user has attached to them, you can drill into each user card from the ‘users’ page. Here, you can see whether they are in a user group and the permission sets granted to them.

Permission sets

From the ‘user groups’ page, we can reach ‘permission set by user group’ which is the level above, so to speak. Here, you define the permission sets to the user group. So to recap, we assigned users to a group which contains a set of changeable permissions. By clicking into ‘permissions’ itself on the ‘permission sets’ page, we see each individual permissions that make up that set.

Here we see how configurable each permission set is. We see each permission the set contains and options for the usability of each. This allows you to completely customise who can do what!

Another way of doing this would be from the ‘permission set by user’ page which displays the permissions granted for each set clicked on. You will see the individual permissions that make up these sets on the right side of the screen. From here you simply use the tick boxes to add sets to specific users.

Filtering permissions by company

You can filter permissions by company too. This can be reached from the ‘user by user group’ button on the ‘user group’ page. Alternatively, it can be reached from the ‘users’ page. A little confusing I know!

This will only apply if you have multiple companies in Business Central. This might include a test company, a live one and a separate company with only setup in there and no live data. This third company may be completely off-limits to users as it needs to remain untouched. What the administrator can do here, from the user card, is set which permission sets or groups the user has for each company. Somebody may be a super user in a test company so that they can have free reign to learn everything about the system but have an entirely different set of permissions for the live company, dependant on what their role is.

If a user is supposed to have their designated permissions universally applying to all companies, they can just leave the tick-box filter blank.

Hopefully that helps you! If you have any queries, please get in contact with us.

Scroll to Top