If your multi-company environment has you stressing over permissions within Microsoft Dynamics 365 Business Central, you already know that they can quickly become complex. Fortunately, Security Groups offer a streamlined way to control access across companies—especially when users need different levels of access depending on the company.
Let’s explore a real-world scenario: You have a group of users who should be able to add master data (customers, items, vendors) in one company but only have read or select access in all other companies. Here’s how to set that up.
🧩 Step 1: Create a Security Group
Start by creating a Security Group in Microsoft Entra ID (formerly Azure Active Directory) or the Microsoft 365 Admin Center.
- Name the group clearly (e.g.,
MasterData_CompanyA_ReadOnly_Others) - Add all relevant users to this group.
🔗 Step 2: Link the Security Group in Business Central
In Business Central:
- Navigate to Security Groups.
- Create a new entry and link it to the Entra security group.
- Users will appear in the Members pane once they are added as users in BC.
🛡️ Step 3: Assign Company-Specific Permission Sets to Security Groups
This is where the magic happens. You’ll assign different permission sets to the same group, scoped by company.
For the company where users can add master data:
Assign permission sets like:
D365 ITEMD365 CUSTOMERD365 VENDOR
Set the Company column to the specific company name (e.g., Company A).
For all other companies:
Assign a read-only or limited permission set, such as:
D365 READ- Or a custom permission set that allows selection but not creation
Set the Company column to each of those companies individually.
🧪 Step 4: Verify Effective Permissions
Use the Effective Permissions page to confirm what each user can do in each company. This ensures your setup is working as intended and avoids accidental over-permissioning.
📋 Example Configuration
| Permission Set | Company Name |
|---|---|
| MGC ITEM | Company A |
| MGC CUSTOMER | Company A |
| MGC VENDOR | Company A |
| MGC READ ALL | Company B |
| MGC READ ALL | Company C |
✅ Benefits of This Approach
- Centralized management via Security Groups
- Granular control over permissions per company
- Scalable for future changes or additional companies
- Audit-friendly with clear visibility into user access
The Take-away
You no longer need to stress over Security Groups. As illustrated here, they offer a streamlined way to control access across companies—especially when users need different levels of access depending on the company. Thank you for yet another opportunity to Share the Righter WayTM of working in Business Central.
