Override entitlements with inherent permissions


This content is archived and is not being updated. For the latest documentation, go to What's new and planned for Dynamics 365 Business Central. For the latest release plans, go to Dynamics 365 and Microsoft Power Platform release plans.

Enabled for Public preview General availability
Users, automatically - Oct 1, 2022

Business value

With this ability, developers can make even more robust permission checks in their code.

Feature details

Before 2022 release wave 2, the inherent permissions feature only allowed for extending role permissions (coming from user-assigned permission sets). So, if a developer gives fewer permissions than the license and entitlements, the change doesn't affect the user. If the developer gives more permissions than the license and entitlements, nothing above what is granted by the license and entitlements is considered—the permissions are limited to what the entitlements allow. With the current inherent permissions attribute, it isn't possible to go above and beyond entitlements, regardless of what permissions the developer provides through AL code.

In the 2022 release wave 2, we add the ability to override entitlements with inherent permissions by adding a new optional parameter to the InherentPermissions attribute called InherentPermissionScope. The following three possibilities are now available in AL:

[InherentPermissions(PermissionObjectType:Table, Database:MyTable, 'x', InherentPermissionScope:Entitlements)]
[InherentPermissions(PermissionObjectType:Table, Database:MyTable, 'x', InherentPermissionScope:Permissions)]
[InherentPermissions(PermissionObjectType:Table, Database:MyTable, 'x', InherentPermissionScope:Both)]

The default value is InherentPermissionScope:Both.

See also

Inherent Permissions (docs)