In Dynamics 365 Finance & Supply Chain, there are two ways to create permissions, through the user interface and in code. Adding a deny permission is simple in the user interface, but what if you want to add the deny permission to a security privilege when developing a new feature? Keep reading.
Problem: Deny Permission is not available in X++ Development
When developing a new security privilege in Visual Studio, a developer can select an access level from a preset list the application supports. This grants the ability to read, update, revoke all access, etc. Most of the time, this works well. The problem is there is no option in Visual Studio to explicitly deny update, but grant read at the same time. In fact, there is no option to explicitly deny specific permission at all.
Solution: XML Editing
Luckily, there is a solution to this by editing the XML of the privilege directly. Following our example to grant read but deny update, find the XML file of the privilege and change Allow to Deny. Below, Visual Studio Code was used to edit the XML.
Use Case: Deny all users permission to update
Why was this needed in the first place? We had a requirement to grant read to all users but deny update. The solution was complex, it was not desired to simply do this in the front end, where it could be wiped out by mistake or in a deployment. Thus, deny permission in X++ development was required in the privilege by the developer.