and prevent users from changing their intended role
In Business Central, users can easily change the role assigned to them. This can happen by accident, because they just want to see what's happening, or deliberately, because they want to “browse” … let's say.
Depending on the type of role, users can gain access to a wide variety of data in this way, such as payroll, business data (outside the user's scope), etc. You can learn how to prevent users from changing the role assigned to them in this blog post. You can also use the procedure in this blog entry to protect another page or data from being accessed by users or user groups.
Let's start:
First, indentify the page you are looking for. In our example we want to restrict the access to the Available Roles list in the settings.
From the rolecenter, we press ALT+T to access the settings (or we click on ther gear icon in the upper right corner of the screen and select “My Settings”).
Click on the Role menu.
Press CTRL+ALT+F1 to open the page inspection. Note the ID of the page (here Roles - 9212).
Navigate to the Permission Sets page.
For our example we will copy the D365 BASIC permission set. We check if this permission set has a permission for the page Roles (#9212). Select the permission set in the list and click Copy Permission Set… from the menu.
Give the copy a new name. We used Restricted Access.
Once the copied permission set is created, click on Permissions from the menu.
On the permission set card, select Exclude in the Type column.
Specify Page in the Object Type column.
Enter the ID of the page (here 9212) in the Object ID column.
Leave the permission set card and go back to the permission set list.
Select Related > Permissions > Permissions by User from the menu.
Assign the permission set to the user who shouldn't be able to change the role. Also make sure that the user is not assigned the D365 Basic permission set anymore. Always keep at least one super user ;).
You are done now. By the way it is sufficient to restrict the access to the page 9212 Roles. Even from the user settings card ther user wont be able to change the assigned role.
Here is a summary of all the steps detailed above:
Comments