+44 (0)1782 976577 letstalk@eazydynamics.com

User Roles & Permissions in Business Central

Business Central, Glossary, Training

Two padlocks locked together on a background of a series of codes. Overlay text says 'User Roles and Permissions - Quick Explanation'

User roles and permissions in Business Central decide who can see, change, and approve what. Get them right and your data stays safe, compliant, and under control. Get them wrong and chaos is only one click away.

The gloriously bad explanation

Imagine your Business Central system is a big old stately home somewhere in the Cotswolds.

Every user is a guest wandering about in slippers, holding a mug of tea, opening doors at random. User Roles are the fancy hats they wear: “Finance Top Hat”, “Warehouse Flat Cap”, “Boss Crown”. Permissions are the keys jangling in their pockets.

If you give everyone every key, your warehouse picker can stroll into the drawing room (General Ledger), move the furniture (post journals), burn the sofa (delete transactions), and then pop into the wine cellar (bank accounts) for a quick “reconciliation”.

If you give no one any keys, everyone just stands in the hallway staring at locked doors, sending you Teams messages saying “ACCESS DENIED” while you question your life choices.

So you solve it by:

  • Giving the Finance Top Hat keys to the safe and the ledger rooms.

  • Giving the Warehouse Flat Cap keys to the stock cupboards and loading bay.

  • Giving the Boss Crown keys to… everything, because obviously.

And that, in absolutely the worst possible way, is how user roles and permissions work in Business Central: fancy hats and keys in a stately home full of nervous guests.

Right. Now let’s actually explain it properly.

Previous Glossary Term: FIFO Explained

If you find this article useful, click and subscribe to our newsletter - Business Central Uplugged - helping you use what you've already paid for!

What User Roles & Permissions really mean in Business Central

In Microsoft Dynamics 365 Business Central, user roles and permissions control exactly what each person can see and do inside the system. They’re the foundation of security, compliance, and basic sanity as your team grows.

Users, licences, and permission sets

First, separate three ideas:

  • User – the individual person, authenticated via Microsoft 365 (Entra ID).

  • Licence – what they’re allowed to do from Microsoft’s point of view (e.g. Essentials, Premium, Team Member).

  • Permissions – what they’re allowed to do inside your Business Central environment.

You can absolutely have a fully licenced user who can log in but do almost nothing because you’ve given them minimal permissions. Or the opposite: too much access and they can post, change, or delete data they should never touch.

Business Central uses permission sets to manage this:

  • A permission set is a bundle of access rights (e.g. D365 BUS FULL ACCESS, D365 AP JOURNALS, D365 WMS).

  • Each permission set defines which tables and objects a user can read, insert, modify, delete, or execute.

  • A user can have multiple permission sets, which combine to give their overall access.

You can use Microsoft’s standard permission sets, clone them, or build your own for tighter control.

Roles vs practical job roles

Strictly speaking, Business Central thinks in terms of permission sets and user groups, not “roles” in the HR sense. In real life, you combine them to match actual jobs:

  • Finance Manager – posting to the general ledger, managing dimensions, approvals, VAT returns, bank reconciliation.

  • Accounts Payable Clerk – entering and posting purchase invoices, but no access to system setup.

  • Warehouse Operative – processing picks, put-aways, and shipments, but no finance or master data changes.

  • External Accountant – reporting and posting journals, but limited access to operational areas.

You design a small number of role-based permission combinations and assign them consistently, rather than building something bespoke for every individual.

Why it really matters for SMEs

For small to mid-sized businesses, this isn’t just “IT admin housekeeping”:

  • Reduces error and fraud risk – the same person shouldn’t be able to create a supplier, post invoices, and change bank details.

  • Supports audit and compliance – clear separation of duties helps with auditors, funding providers, and regulatory expectations.

  • Protects sensitive data – limit access to payroll-related vendors, profit margins, or management reports.

  • Keeps the system usable – users see only what matters to their job, not 400 menus they’ll never touch.

Done well, roles and permissions give you control without slowing people down.

Practical tips for setting up roles and permissions

  1. Start from job roles, not from the menu
    List your main roles: Finance Manager, AP Clerk, AR Clerk, Ops Manager, Warehouse, Director, etc. Decide what each must do day to day.
  2. Use standard permission sets as building blocks
    Start with Microsoft’s sets, test them, then clone and trim. It’s faster and safer than building everything from scratch.
  3. Apply the “minimum necessary” rule
    Give the least access needed for someone to do their job properly. If they can’t do something legitimate, add what’s missing – don’t just throw “full access” at them.
  4. Separate duties around money
    Split vendor creation, posting invoices, and changing bank details across different roles where possible. The same logic applies to credit limits and discounts.
  5. Review regularly
    People change roles, responsibilities shift, and your processes evolve. Schedule a permissions review at least annually – more often if you’re growing quickly.

User roles and permissions in Business Central are not a one-off setup task. They’re an ongoing control that protects your data, your reputation, and frankly, your sleep.

FAQs: User Roles & Permissions in Business Central

What are user roles and permissions in Business Central?
In Business Central, user roles and permissions control what each person can see and do in the system. They are defined through permission sets that grant access to specific data and functions, such as posting journals or processing warehouse documents.
How do I assign roles or permissions to a new user?
First, add the user via Microsoft 365 and assign the correct Business Central licence. Then, in Business Central, open the Users page and assign one or more permission sets (or user groups) that match the user’s job role, such as finance, sales, or warehouse.
What is the difference between a licence and permissions?
A licence defines what Microsoft allows the user to access in Business Central overall. Permissions define what the user is actually allowed to do within your environment. A user may be licenced but still restricted by limited permission sets, or over-privileged if given overly broad permissions.
Can I restrict users from posting or changing data?
Yes. Permission sets can control whether a user can read, insert, modify, delete, or execute specific objects. You can allow users to enter data but block them from posting, or allow posting only in certain areas, such as sales but not the general ledger.
How should SMEs design a good permission model in Business Central?
Start with a small set of clear job-based roles, such as Finance Manager, AP Clerk, Warehouse Operative, and Director. Use standard permission sets as a base, clone and refine them, apply the minimum-necessary principle, and review access regularly as your team and processes change.

Can We Help?

Want to add more control and security to your BC implementation with User Roles and Permissions? Time to get in touch!

Enter your details below or call us on +44 (0) 1782 976577