Business central permissions

Business Central uses a permission model based on five core actions. These permissions are often referred to as the RIMDX model (Read, Insert, Modify, Delete, Execute).

Permission	Description
Read (R)	Allows users to view data within Business Central.
Insert (I)	Allows users to create new records in the system.
Modify (M)	Allows users to change or update existing records.
Delete (D)	Allows users to remove records from the database.
Execute (X)	Allows users to run reports, processes, or system code.

Permissions are grouped into permission sets, which are then assigned to users. These permission sets determine what areas of Business Central users can access and what actions they can perform.

In smaller environments this structure works well. However, as organizations grow, managing permissions manually can become increasingly complex.

Many organizations struggle with permission management as their Business Central environment grows. It can be difficult to maintain a clear overview of who has access to what, and administrators often rely on spreadsheets or manual checks that quickly become outdated.

Over time, users may accumulate permissions due to role changes or temporary access, creating security risks. At the same time, auditors increasingly require proof that access rights and responsibilities are properly controlled, while sensitive data such as bank accounts or credit limits must be protected from unauthorized changes.

To maintain a secure and scalable ERP environment, organizations should follow several best practices when managing Business Central permissions. Instead of assigning permissions individually, it is recommended to use role-based permission sets for departments such as finance, purchasing, or warehouse operations, which simplifies administration and reduces configuration errors.

Companies should also apply the principle of least privilege, meaning users only receive the access required to perform their job. In addition, organizations should implement segregation of duties (SoD) so that critical actions are separated, for example:

• Creating a vendor and approving payments.
• Entering invoices and releasing payments.

Finally, permissions should be reviewed regularly to ensure access rights still match user responsibilities, especially after events such as promotions, department changes, or staff turnover.

Auditing permissions is critical for organizations with strict compliance or financial reporting requirements.

A typical permission audit involves:

• Reviewing all permission sets.
• Identifying users with excessive permissions.
• Detecting segregation of duties conflicts.
• Verifying access to sensitive data.

However, performing these audits manually can be extremely time-consuming, especially in organizations with dozens or hundreds of ERP users.

When organizations grow beyond 25–50 Business Central users, permission management becomes significantly more complex. At this stage, companies often deal with hundreds of different permission combinations, multiple departments with unique access requirements, increasing audit and compliance demands, and growing difficulty maintaining a clear overview of who has access to what.

As the ERP environment expands, managing permissions manually becomes time-consuming and error-prone, which is why many organizations adopt specialized tools to visualize permissions, detect conflicts, and automate governance.

2-Controlware provides solutions specifically designed for authorization management and compliance in Business Central environments.

Solution	Description	Key Capabilities
Authorization Box	Centralized solution for managing roles and permissions in Business Central.	Visualize user permissions, manage roles and permission sets, detect segregation of duties conflicts, and simplify audit and compliance reporting.
Field Security	Protects sensitive fields by controlling who can view or modify specific data in Business Central.	Restrict access to sensitive information such as bank account numbers, credit limits, and other financial data.
Field Validation	Ensures that changes to important fields follow predefined business rules.	Prevent errors and unauthorized modifications by enforcing validation rules for critical data fields.

Organizations typically start needing advanced permission management once their Business Central environment grows and becomes more complex. This often happens when the system has around 25 or more users, multiple departments rely on the ERP environment, external auditors require stronger internal controls, and managing permissions manually becomes increasingly difficult.

At this stage, organizations often adopt specialized tools to maintain visibility, control user access more effectively, and ensure that their ERP environment remains secure as it continues to scale.