SL Overlay - SL Permissions Comparison Report

SL Permissions Comparison Report

A permission set is a collection of permissions for specific database objects. All users must be assigned one or more permission sets before they can access Business Central. The Dynamics D365 Business Central security system allows you to control which objects a user can access within each database or environment. You can specify for each user which specific permissions they have on an object. Permissions options include:

  • Read - Specifies out whether the user has permission to read this object.

  • Modify - Specifies out whether the user has permission to modify this object.

  • Insert - Specifies out whether the user has permission to insert new data in this object

  • Delete - Specifies out whether the user has permission to delete this object

  • Execute - Specifies out whether the user has permission to execute this object.

The SL Permissions Comparison report is a new report added to Dynamics 365 Business Central. The SL Permissions Comparison Report allows you to compare one user’s permissions to another user’s permissions to make it easier to troubleshoot permission issues. The goal is to help during the setup or during the changing of permissions. It compares two people's permissions and shows where:

  1. Both users have permissions to the same object type, but within each permission set there are different individual rights that can be granted by user to perform actions on the object. Example: One user has read and insert permissions and the other user does not have read insert and delete permissions.

  2. One user has access to one object type and the other user does not have access to the object type.

    Note

    If both users have the same access to an object type, then the object type will NOT be listed on the report

You can access the SL Permissions Comparison report in two ways. You can use the search feature to locate the report, or you can also navigate to the Effective Permissions page > SL Menu > SL Permissions Comparison.

Options

Under the Options menu, you must select a User 1 Name and a Company 1 name. This is the first user and Company used for the comparison of permissions. Then select a User 2 Name and a Company 2 which will be used to compare permissions with User 1/Company 1.

  1. User 1: Specifies the first user to which the effective permissions apply and is the first user and company used for the comparison of permissions.

  2. Company 1: Specifies the company associated with User 1 for which effective permissions will be shown.

  3. User 2: Specifies the second user to which the effective permissions apply and is the second user and company used for the comparison of permissions.

  4. Company 2: Specifies the company associated with User 2 for which effective permissions will be shown.

Report Columns

The report displays User 1 object permissions in the far-left column and User 2's object permissions in the far-right column. The middle section of the report displays the object name to which permissions have been given for a user, and further displays the level of access to that object.

  • User 1 column displays "Missing": Indicates that the Permission Set line is one that User 1 does not have defined but user 2 does. One line displays for that Permission Set with the text "Missing" displaying in User 1 column.

  • User 1 column displays "User 1" - When User 1 and User 2 have permission to the same object with different rights, both lines are printed. The text User 1 displays in the User 1 column and the text User 2 displays in theUser 2 column to denote which line pertains to which user. The lines display the rights each user has to the object.

  • User 2 column displays "Missing": Indicates that the Permission Set line is one that User 2 does not have defined but User 1 does. One line displays for that Permission Set with the text Missing displaying in the User 2 column.

  • User 2 column displays "User 2" - When User 1 and User 2 have permission to the same object with different rights, both lines are printed. The text User 2 displays in the User 2 column and the text User 1 displays in theUser 1 column to denote which line pertains to which user. The lines display the rights each user has to the object.

Permissions

  1. Object Type - Specifies the type of object to which the permissions apply in the current database (Example: Table Data).

  2. Object Name - The name of the object to which the permissions apply (Example Customer, Item, Vendor Ledger Entry).

  3. Read - Specifies out whether the permission set includes read permission to this object. The options are:

    • Yes - means the user has read permission to the object.
    • Indirect - means permission granted to the object. with this permission being dependent on also having permission granted on another, different object
    • Empty - if the field is empty, the permission set does not include read permission.

  4. Insert - specifies whether the permission set includes permission to insert into this object. The options are:

    • Yes - means the user has permission to insert to the object.
    • Indirect - means permission granted to the object. with this permission being dependent on also having permission granted on another, different object.
    • Empty - if the field is empty, the permission set does not include insert permission.

  5. Modify - specifies whether the permission set includes permission to modify this object The options are:

    • Yes - means the user has permission to modify the object.
    • Indirect - means permission granted to the object. with this permission being dependent on also having permission granted on another, different object.
    • Empty - iif the field is empty, the permission set does not include permission to modify the object.

  6. Delete - Specifies information about whether the permission set includes permission to delete this object. The options are:

    • Yes - means the user has permission to delete the object.
    • Indirect - means permission granted to the object. with this permission being dependent on also having permission granted on another, different object.
    • Empty - if the field is empty, the permission set does not include permission to delete the object.

  7. Execute- Specifies information about whether the permission set includes permission to execute this object. The options are:

    • Yes - means the user has permission to execute the object.
    • Indirect - means permission granted to the object. with this permission being dependent on also having permission granted on another, different object.
    • Empty - if the field is empty, the permission set does not include permission to execute the object.

  8. In User-Defined Permission Set - Specifies if the object is included in a User-Defined permission set. The options are:

    • True
    • False

Permission Sets

  1. Permission Set- Specifies the permission set that gives the user permissions to the object chosen in the Permissions section.

  2. Description - Description of the permission set.

  3. Extension Name - Specifies the origin of the permission set that gives the user permissions for the object chosen in the Permissions section. Note that rows with the type of Entitlement originate from the subscription plan. The permission values of the entitlement overrule values that give increased permissions in other permission sets. In those cases, the permission level is Conflict.

  4. Permission Scope - Specifies the type of the permission set that gives the user permissions for the object chosen in the Permissions section. Note that you can only edit permission sets of type User-Defined.