Permission Set Extension Object

APPLIES TO: Business Central 2021 release wave 1 (v18.0) and later

The permission set extension object in Business Central adds permissions to an existing permission set defined in AL. A permission set extension object cannot remove permissions from an existing permission set; it can only add permissions. If you, for example, add an extension to Business Central, you can use permission set extension objects to grant permissions to the objects in your extension. This means that the admin of Business Central does not have to assign additional permission sets to the users, because the permissions are added automatically when the extension is installed and go away if the extension is uninstalled.

For information about which permissions can be assigned to objects, see Permissions on Database Objects.

Designing with cautiousness

If a permission set is extended through AL, that extension will make additive changes to the permission set. This means that an extension can provide elevated privileges to an otherwise limited set of permissions. Building permission sets that can be extended must be done carefully with this in mind.

A best practice when creating an application with permission set extensions is to ensure that they only add permissions for objects that are part of the application. This is because an administrator may not realize, or expect, that installing a new application may also grant elevated privileges. This design pattern minimizes the possibility of the permission set extension impacting any functionality beyond the intended application, which keeps the permission changes predictable and targeted.

Snippet support

Typing the shortcut tpermissionsetextension will create the basic layout for a permission set extension object when using the AL Language extension for Microsoft Dynamics 365 Business Central in Visual Studio Code.

Tip

Use Ctrl+Space to trigger IntelliSense and get assistance on code completion, parameter info, quick info, and member lists. For more information about snippets, see Syntax and snippets.

Permission set example

The following permission set extension example extends the Sales Person permission set by adding direct insert and delete permissions to the Currency table data.

permissionsetextension 50140 "Extended Sales Doc" extends "Sales Person"
{
    Permissions = tabledata Currency = ID;
}
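
The design guidance above (extensions should only add permissions for objects that are part of the application) can be checked during review. The following Python script is an added example, not part of the original page or of Microsoft's tooling: it reads AL source with simplified regular expressions (an assumption, not the AL compiler's grammar) and lists every grant in a permission set extension whose target object is not declared in the same source. The "Loyalty Card" table and the object IDs 50100 and 50141 are hypothetical; the second extension is the example shown above.

```python
import re

# Constructed AL source (hypothetical app): one app-owned table, one extension
# that stays inside the app, and the page's example that reaches outside it.
SAMPLE_AL = '''
table 50100 "Loyalty Card"
{
    fields { field(1; "No."; Code[20]) { } }
}
permissionsetextension 50141 "Loyalty - Sales" extends "Sales Person"
{
    Permissions = tabledata "Loyalty Card" = RIMD,
                  table "Loyalty Card" = X;
}
permissionsetextension 50140 "Extended Sales Doc" extends "Sales Person"
{
    Permissions = tabledata Currency = ID;
}
'''

NAME = r'("[^"]+"|\*|\w+)'  # quoted name, wildcard, or bare identifier
TYPES = r'table|page|report|codeunit|query|xmlport'
DECL = re.compile(rf'^\s*({TYPES})\s+\d+\s+{NAME}', re.M | re.I)
EXT = re.compile(rf'\bpermissionsetextension\s+\d+\s+{NAME}\s+extends\s+{NAME}'
                 r'\s*\{(.*?)\}', re.S | re.I)
PERM = re.compile(rf'\b(tabledata|system|{TYPES})\s+{NAME}\s*=\s*(\w+)', re.I)

def unquote(name):
    return name.strip('"')

def audit(source):
    """List grants that target objects the given source does not declare."""
    owned = {(t.lower(), unquote(n).lower()) for t, n in DECL.findall(source)}
    findings = []
    for ext, base, body in EXT.findall(source):
        for kind, obj, rights in PERM.findall(body):
            # tabledata permissions belong to the table of the same name.
            owner = 'table' if kind.lower() == 'tabledata' else kind.lower()
            if (owner, unquote(obj).lower()) not in owned:
                findings.append((unquote(ext), unquote(base),
                                 kind.lower(), unquote(obj), rights))
    return findings

if __name__ == '__main__':
    for ext, base, kind, obj, rights in audit(SAMPLE_AL):
        print(f'{ext} -> {base}: {kind} {obj} = {rights} (object not in this app)')
```

On the sample, only the Currency grant is reported, because Currency is not declared in the sample source; wildcard and system grants are always reported, since they can never be matched to an object the app declares.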

See also

Developing Extensions
AL Development Environment
Entitlements and Permission Set Overview
Permission Set Object
Permissions on Database Objects
Assignable Property
Permissions Property