D365 Business Central : Notify on Changed Permission Set

D365 Business Central contains a number of predefined permission sets (categorized by type System or Extension) that are added by Microsoft or by your software provider. We can use these Permission Sets as it is or create our own custom ones. We don’t need to start from scratch. Microsoft doesn’t allow us to modify the predefined ones, however we can copy these permission sets to a new one and modify from that. Nice !

You can read more from Microsoft’s documentation describes on how to manage these permissions.

The issue comes when we need to upgrade our D365 Business Central environment. When D365 Business Central is updated, Microsoft can add or remove permission in these predefined permission sets. These new permissions update can be crucial to the users. Without the new permission, users may encounter errors from things, such as login, creating sales order, etc.

If we are using our own permission set, we need to make sure that we pay attention to permissions when we upgrade Business Central environment, especially the major version.

Microsoft has a built in function to Notify on Changed Permission Set. However, it doesn’t really tell us how it works. Time for investigation !

Let’s copy the existing D365 Basic permission set.

Specify the new names and turn on Notify on Changed Permission Set, and click OK.

When we click OK, it will create a new record on Table 9802 : Permission Set Link, and generates Source Hash.

If we try to access table 9802 directly, we will get below error permission.

However, we can access the related page, which is Page 9846 : Changed Permission Set List.

When Microsoft modifies their predefined permission sets, it will have a different Source Hash. In theory, we can do Source Hash comparison and know which permission sets have been updated.

When do we get this notification ? We get notification only when we open Permission Sets page. If we don’t open the page, we will never get the notification.

Who will get this notification ? Only user who can manage the users on tenant which is user with SUPER or SECURITY permission.

And only user who enable the “Original System permission set changed” notification. Default is enabled.

Let’s try to open Permission Sets page after we modified the hash and see if we get the notification. We can see that the notification shows up, and there is a button for Show More.

If you click on Show More, it will open up Page 9846 : Changed Permission Set List.

And that’s it. Nothing else. It doesn’t tell us which permissions have been added or removed, so we need to do comparison on our own. It’s very minimum feature and there’s a lot to be desired. Hopefully Microsoft will improve this notification in the future.

thatnavguy

Experienced NZ-based NAV Developer and Consultant with 15+ years of experience leading multiple IT projects, performing business analyst, developing, implementing, and upgrading Dynamics NAV and Business Central. Passionate to deliver solution that focuses on user-friendly interface while keeping high standard of compliance with the needs.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *