Business Central - Security Filters
“Security is not a product, but a process.” - Bruce Schneier
It is important that as a Business Central administrator, to understand the built-in security features within Business Central. There have been countless times where I come into a project where security is an after-thought. Only applying the out-of-the-box roles, permission sets, and user groups. To some, that may be enough. But what if you want to segregate and filter G/L Accounts on what an AP vs AR specialist can see? What if you only want them to see the Chart of Accounts they are responsible for?
With Business Central, you can limit what they can access utilizing Security Filters with assigned permission set(s). Please note, this option also exist in certain versions of Dynamics NAV.
Let’s take a look at an example, a scenario. Take a user, a Account Receivable or Payable representative. To be granular, a specific range of Chart of Accounts. From my Chart of Account, I would like my user to only see a list of G/L Accounts from 10000 to 10900. From the screenshot below, currently, the user David So can see all G/L Accounts. I would like to limit his view only to see a specific range of Chart of Accounts.
The first step I would take is to create a custom permission set. Reason for this is that you cannot modify existing permission sets. With my example below, I created a basic permission. I added the table for G/L Account for Read, Insert, and Modify. I’m going to leave out the Delete permission. And notice, on the far right column, you will see the Security Filter option. Drill down into it by clicking the three-dots.
A separate window will pop up, giving me an opportunity to choose which field within the G/L Account table that I want filter. In the example below and our chosen scenario, I am going to filter against the No. of the G/L Account table with the filter of “10000..10990”. The result should limit David So from seeing anything but those G/L Accounts.
The next step after applying your Field/Security Filter, assign the permission set against David So. This ensures that when the user access the G/L Account list, it will limit their view.
So when David So logs logs into Business Central and they navigate to the Chart of Accounts, you can confirm that David can only see the G/L Account based upon your Security Filter. You will notice that David can’t scroll further, only limited a range of G/L Accounts.
The Security Filter is quite powerful, allowing you to limit access to certain records to your users. You can virtually apply this to any important tables. Useful in maintaining data integrity.