Hello Everyone,
Let's say a user wants to run a certain process and in ideal cases, that user should have the permissions which you can assign by adding a user to the User Group. This sometimes leads to a lot of Permission errors and granting unnecessary permissions.
Let's take an example:
A person from Controlling needs to run a Custom report that she uses to fetch the budget information. This report needs Permissions to different buffer tables, processing codeunits, System Applications, etc. Instead of adding these permissions to the Permission set or User group, I will simply add 'Permanent' Permission in the code of the report. The report will run using the assigned Permissions. This also increases the level of security as the User group itself.
Note: If the code involves Business Sensitive Data, add those kinds of Permissions to Permission sets as these Permissions should be controlled.
Syntax:
[InherentPermissions(PermissionObjectType: PermissionObjectType, ObjectId: Integer, Permissions: Text [, InherentPermissionsScope: InherentPermissionsScope])]
Example:
[InherentPermissions(PermissionObjectType::TableData, 50007::MathAmount, 'r', InherentPermissionsScope::Both)]
In Microsoft's words:
With inherent permissions, developers can now grant permissions to a method or event while code executes. As soon as the code execution is completed, permissions are revoked. Inherent permissions simplify the overall management and maintenance work of permission sets. With it, a specific AL method or event can get the elevated permissions necessary to finish the task at hand without getting permission errors. And it helps tighten overall security by limiting long-term user permissions and giving permissions to the code process instead.
Reach out to me if you have any questions or suggestions.
Check out other blogs, if you haven't already.
No comments:
Post a Comment