In today’s data-driven business environment, controlling access to sensitive information is paramount. Microsoft Dynamics 365 Business Central offers robust tools to ensure that users see only the data relevant to their roles. One such tool is record-level security, implemented through security filters.
What Is Record-Level Security?
Record-level security means each user can only see or work with specific records, such as customers, sales orders, or items, based on rules you define.
Example: A salesperson can be restricted to seeing only their own customers, not everyone else’s.
How to Implement a Security Filter in Business Central
Security filters help you control which records a user can access in a specific table. They are applied through Permission Sets.
Step 1: Open Permission Sets
- Click the Search icon in the top navigation bar.
- Type “Permission Sets” and select it from the results.
- Choose an existing permission set from the list, OR click + New to create a new one for the specific user or role.
- If creating a new permission set:
- Enter a Permission Set (e.g.,
PURCHASING). - Provide a short Name or Description (e.g., “Dyn. 365 Post purchase doc.”).
- Enter a Permission Set (e.g.,
Step 2: Add Table Permissions
- Inside the selected permission set, click on the Permissions action.
- Click + New to add a table.
- In the Object Type field, select “Table Data”.
- In the Object ID and Object Name fields, enter the number and name of the table you want to restrict.
- Set the necessary permissions by selecting checkboxes for:
- Read – to allow viewing
- Insert – to allow creating records
- Modify – to allow editing
- Delete – to allow deleting
Step 3: Apply the Security Filter
- Select the table entry you just added.
- Click the “Security Filter”.
- In the Security Filter page:
- Select the Field Number (e.g., 20, 29…)
- Enter the filter Caption (e.g., Shortcut Dimension 1 Code)
- Enter the Field filter
Step 4: Assign the Permission Set to the User
- Open the Search bar and search for “Users”.
- Select the user you want to restrict.
- In the User Permission Sets section, click + New.
- Add the permission set you created in Step 1.
Understanding Security Filter Modes in Business Central
When applying security filters, it’s important to understand the different filter modes that determine how users interact with data.
Step 1: Know the Security Filter Modes
- Filtered Mode – Users see only the records that match the filter. Other records are hidden.
- Validated Mode – Same as Filtered, but shows an error if the system tries to access restricted data. Strict but slower.
- Ignored Mode – Filter is disabled; all records are visible. Use mainly for admins.
- Disallowed Mode – Blocks access when filters exist but cannot be used properly.
Step 2: Pick the Right Mode for Your Needs
- Choose the mode that fits your business rules and keeps data safe.
- Think about how strict access should be and who the user is.
Manage Access for Multiple Users in Business Central
Managing user access one-by-one is time-consuming.
Tip: Create User Groups from the Admin portal to assign roles and permission sets efficiently.
Limitations and Things to Keep in Mind
Reports and XMLports
- Security filters might not apply when data is accessed through Reports or XMLports.
- Tip: Use extra security controls or review these components to ensure sensitive data is protected.
Performance Impact of “Validated” Mode
- Validated Mode increases security but may slow down performance.
- Tip: Use this mode only when necessary.
Always Test Permissions
Test security filter setup by:
- Logging in as the user
- Using the “Test Permissions” feature in Business Central
Tip: This ensures users see only what they’re supposed to.
Best Practices for Setting Up Security in Business Central
Apply the Least Privilege Principle
Give each user only the access they need—nothing more. This reduces risks of unauthorized data access.
Review Permissions Regularly
Especially when:
- Users change roles
- Teams are restructured
- New features are introduced
This keeps access aligned with current business needs.
Keep Clear Documentation
Document:
- Which permission sets are assigned to which roles/users
- What security filters are applied
Helps with audits, troubleshooting, and admin onboarding.
Conclusion
Implementing record-level security in Microsoft Dynamics 365 Business Central helps protect sensitive data and ensures users access only what’s relevant to their roles.
By using security filters, user groups, and following best practices like the least privilege principle and regular reviews, you can maintain a secure and efficient system.
Remember, the goal isn’t just to restrict access—it’s to make your data work smarter and safer for your entire organization.
Frequently Asked Questions (FAQs)
Q1. What is record-level security in Business Central?
A: It controls which specific records (e.g., customers, orders) a user can access based on filters.
Q2. How do security filters work in Business Central?
A: Filters are applied within permission sets at the table level using field-based rules (e.g., Salesperson Code = ‘MH’).
Q3. Can I assign different access to different users?
A: Yes, via unique permission sets or role-based user groups.
Q4. What are the security filter modes?
- Filtered: Hides non-matching records
- Validated: Hides & throws error on restricted access
- Ignored: Shows all records
- Disallowed: Blocks access if filter fails
Q5. Do filters apply to Reports/XMLports?
A: Not always. Use additional security where needed.
Q6. What if a permission set has no filter?
A: The user will have full access to all records per the granted actions.
Q7. How to test security filters?
A: Use “Test Permissions” or log in as the user.
Q8. Does Validated mode impact performance?
A: Yes, due to additional checks—use cautiously.
Q9. Best way to manage access for large teams?
A: Use User Groups and assign role-specific permission sets.
Q10. How often should filters be reviewed?
A: Regularly, especially after role or system changes.
Need Help Securing Your Data in D365 Business Central?
Struggling with permission sets, user access, or record-level security?
I can help you configure filters, assign correct roles, and protect your data—without slowing down your operations.
✍️ Blog curated by the MindCurve Training Team With special thanks to Shahin, Consultant – Microsoft Dynamics 365, for contributing insights based on real-world implementation experience.
📧 For implementation support or tailored consulting, reach out via 3E MindCurve Private Limited
