With version Business Central 2023 wave 1, Microsoft has implemented a few changes around permissions.
If you are a business user or functional consultant, there is little falling on you. It is the AL developers that should get used to the new concept of inherent permissions.
At Directions NA 2023 in Orlando I had the chance to attend Microsoft Engineering team manager Jesper-Shulz Wedde’s session: What’s new in permissions and user management.
[Note: If you did not read the other blog post or viewed my video based on a different Directions NA 2023 session on Word Templates, read it here]
He walked the attendance through, among many other things, composable permissions, inherent permissions and excluding permissions. This blog is focused on Inherent Permissions, so let’s dive in.
What are inherent permissions?
Inherent Permissions’ perfect use case is when you don’t want to create a new permission set and include the object in the new permission set, but instead, elevate user permissions in a given context. The permission is granted only during the specific method execution via InherentPermissions attribute or to a specific object via InherentPermissions object property.
“With inherent permissions, developers can now grant permissions to a method or event while code executes. As soon as the code execution is completed, permissions are revoked.”
How is this done?
The function/event subscriber that requires special permissions will be decorated with InherentPermissions attribute. The permissions will be assigned at runtime only for the duration of the method execution, being revoked at the end. Therefore, any user, reaching that method, will have the permissions specified in the attribute parameters.
[InherentPermissions(PermissionObjectType::TableData, Database::SVLog, 'RI')]
Specifies the permissions that are inherently assigned to the given object.
The difference between InherentPermissions attribute and InherentPermissions property is that when you assign InherentPermissions property you grant any process to act with the specified permissions, while with InherentPermissions attribute you grant only a specific process/method the given permissions.
For a concise demo watch my video. Don’t forget to subscribe for more tips on Business Central:
InherentPermissions are a great addition in Business Central AL language. The permissions are now granted at the process level using the attribute or can be expanded system wide using the property.
Why would you use InherentPermissions?
- The developer does not need to include the object in the permissionset xml or AL objects
- the admins don’t need to assign the new permission set to users
- The power is handed to developers since they can designate which methods need rights on a specific object
- Cleaner and comprehensible permission sets
- Use it for your own objects
Watch my video and give it a try!