This new base permission set would then allow more flexibility in adding permission set to add specific pages and reports based on the users roles and save time of not having to create the new base permission set.
Keep the existing permission sets but add a new one for the more restrictive base set.
Comments
Agree. It is a common ask of our clients that certain roles should NOT see many of the financial pages that expose the company's financials.
Category: General
I agree a hundred percent. We have been offering our customers customized basic rights based on manual authorizations at object level for a long time.
There is already an entry in this blog from my colleagues: https://experience.dynamics.com/ideas/idea/?ideaid=0a1a522c-e685-e911-80e7-0003ff68897c
Category: General
100 % agree.
After base-app and system-app had been made, I think it would make very good sense to create a permission that only grants the user the basic permission in order to log in.
I've just had a case with Microsoft with a tenant here, where a custom permissionset for team-member licensed users lacked one specific 20000x table which caused tenant to be extra loaded and led to instability for the entire tenant.
This would have been avoided, if Microsoft made a basic system-permission set that all users got when created. A base permission to to be able to login. All other permissions set would add additional areas.
Category: General
I agree with the above limitations of the system, not all users should be able to see certain confidential data within general ledger, bank accounts etc.
Category: General
Business Central Team (administrator)