In ACS all security configuration is bundled in Security Features. Security Features are then assigned to User, User Groups or Permission Sets.

Security Features can be prioritized in case you have overlapping features. The highest priority Security Feature wins.

A Security Feature can hold four different types of configuration:

  • Field Access – Specify the rules for database fields. This is can done on four different levels: (*)
    – For all fields on the table (by not specifying a field)
    – For all fields no the table on a specific page
    – For all places where a specific field is used
    – For a specific field, on a specific page
    (*) Field Access can be combined so you can turn off all fields and turn on specific ones you need.
  • Page Controls – Specify the rules for controls (fields) on a specific page. This is usually for controls that are not bound to database fields.
  • Action Access – Specify the rules for actions in the action bar.
  • Data Access Filters – Apply filters on data. The filters can be based on User Filters so filters can be individually per user.

The above Security Feature example does the following:

  • Disable the Address and Address 2 fields on Customers
  • Hide the Map control on the customer card
  • Disables the Statistics action on the customer card (called Action76)
  • Apply a dynamic filter on Customer Posting Group on both the Customer and Customer Posting Group tables.

Notice the notification at the top:

Warning about security settings not covered in the current generated extension

Here we’re using the Optimized method but the current generated extension does not include Customer and Customer Posting Tables.

The Action76 in the above example is the name of the action we want to disable. Some control and actions have very strange names behind the scenes, but when you perform the lookup in ACS, we’ll find the caption that hopefully will help you find the right control:

Some controls can be very hard to locate since not all control does have a caption. In that case, you might need to get in contact with a technical Business Central resource or do some trial-and-error testing yourself.