Codeunit "User Permissions"

ID 152
Namespace: System.Security.User

Exposes functionality to check if a user has SUPER permissions set assigned as well as removing such permissions set from a user.

Properties

Name Value
Access Public
InherentEntitlements X
InherentPermissions X

Methods

IsSuper

Checks whether the user has the SUPER permissions set.

procedure IsSuper(UserSecurityId: Guid): Boolean

Parameters

Name Type Description
UserSecurityId Guid

The security ID assigned to the user.

Returns

Type Description
Boolean

True if the user has the SUPER permissions set. Otherwise, false.

CanManageUsersOnTenant

Checks whether the user has permission to manage users in the tenant.

procedure CanManageUsersOnTenant(UserSecurityId: Guid): Boolean

Parameters

Name Type Description
UserSecurityId Guid

The security ID of the user to check for.

Returns

Type Description
Boolean

True if the user with the given user security ID can manage users on tenant; false otherwise.

HasUserPermissionSetAssigned

Checks whether a user has a specific permission set assigned.

procedure HasUserPermissionSetAssigned(UserSecurityId: Guid, Company: Text, RoleId: Code[20], Scope: Option, AppId: Guid): Boolean

Parameters

Name Type Description
UserSecurityId Guid

The user's security ID.

Company Text

The company for which to check

RoleId Code[20]

The ID of the permission set.

Scope Option

The scope of the permission set. System or tenant.

AppId Guid

The app ID of the permission set.

Returns

Type Description
Boolean

True if the user has permission sets assigned.

HasUserCustomPermissions

Obsolete

This element will become obsolete from version 22.0. Replaced with the ArePermissionsCustomized procedure in codeunit Azure AD User Management.

Checks whether custom permissions are assigned to the user.

[Obsolete(Replaced with the ArePermissionsCustomized procedure in codeunit Azure AD User Management.,22.0)]
procedure HasUserCustomPermissions(UserSecurityId: Guid): Boolean

Parameters

Name Type Description
UserSecurityId Guid

The security ID of the user to check for.

Returns

Type Description
Boolean

True if the user with the given user security ID has custom permissions; false otherwise.

GetEffectivePermission

Gets the effective permissions for the current user in the current company.

procedure GetEffectivePermission(PermissionObjectType: Option, ObjectId: Integer): Record "Expanded Permission" temporary

Parameters

Name Type Description
PermissionObjectType Option

The object type to check for.

ObjectId Integer

The object ID to check for.

Returns

Type Description
Record "Expanded Permission" temporary

Returns the effective permissions in a temporary expanded permission record.

Examples

local procedure VerifyIndirectDeletePermission(TableId: Integer): Boolean var TempDummyExpandedPermission: Record "Expanded Permission" temporary; UserPermissions: Codeunit "User Permissions"; begin TempDummyExpandedPermission := UserPermissions.GetEffectivePermission(TempDummyExpandedPermission."Object Type"::"Table Data", TableId); exit(TempDummyExpandedPermission."Delete Permission" = TempDummyExpandedPermission."Delete Permission"::Indirect) end;

See also