Special permission sets
The following permission sets have special definitions that you should be aware of as you implement permissions and security for Business Central users.
Permission set | Definition |
---|---|
SUPER | Can read, use, update, and delete all data and all application objects in the scope of your license. Business Central requires that at least one user is assigned this permission set in each database. The first user created is automatically assigned the SUPER Permission Set You can't modify permissions for the SUPER permission set. Running a synchronization of users from Microsoft 365 using the Update Users from Microsoft 365 guide, requires the SUPER permission set. |
SUPER (DATA) | Can read, use, update, and delete all data in the scope of your license. You typically assign this permission set to an accounting manager who needs to work with all data but doesn't need to change Business Central. |
SECURITY | Manage the permission sets that are assigned to your account. When assigned this permission set, you can:
|
BASIC | Grants Read access to almost all application tables and all system tables. The main purpose of this permission set is to enable the service to open and show all pages. Note: This permission set is available only for Business Central on-premises. |
D365 BASIC | Grants Read access to almost all application tables and all system tables. The main purpose of this permission set is to enable the service to open and show all pages. |
FOUNDATION UI | A prerequisite for all other permission sets. The FOUNDATION permission set grants access to system tables and application setup tables that are required for most application features to work. Note: This permission set is recommended when using the UI Elements Removal feature to automatically remove UI elements according to user permissions. For more information, see Removing Elements from the User Interface According to Permissions. Note: This permission set is available only for Business Central on-premises. |
SYSTEM APP - BASIC | Grants access to most features of the system application and is required for sign in to Business Central. |
SYSTEM APP - ADMIN | Grants full permissions to all features of the System Application. |
LOGIN | Grants the minimum permissions to application and system objects that needed to sign in to Business Central. Use the permission set to allow users to sign in to Business Central without accidentally granting them permissions beyond those required by their tasks. By granting this permission set, the user will always be able to sign in. Note: This permission set doesn't grant access to a Role Center. It only allows the user to sign in to Business Central. |
USERGROUP | Note: This permission set is deprecated in Business Central online. Use the SECURITY permission set instead. This permission set allows you to manage memberships and permissions for users in user groups in Business Central on-premises. |
Related information
Removing elements from the user interface according to permissions