Data Security in Business Central

The Business Central security system allows you to control which objects or tables a user can access within each database. You can specify the type of access that each user has to these objects and tables, whether they are able to read, modify, or enter data.

You can specify which records are stored in the tables that each user is allowed to access. This means that permissions can be allocated at both the table level and the record level.

The security system contains information about the permissions that have been granted to each user who can access a particular database.

This information includes the roles that the users have been assigned, as well as any permissions that they have been granted to individual users.

There are four different levels of security:

  • Database

  • Company

  • Object

  • Record

Graphically, these can be represented as the layers, where the central layer is the records in the database.

Security overview.

The first layer of security when you open Business Central is database security.

After you start Business Central and attempt to open the database, your credentials are checked. For more information about granting a user permission to create or work with a Business Central database, see Setting Database Owner and Security Administration Permissions.

Database logins

Users are given a database login when they have their own user ID and password in Business Central. The user must enter the user ID and password to access the database.

Note

Database logins are only valid for connecting to the database from the Business Central.

How database logins work

Users must also have a login on SQL Server. SQL Server has its own authentication of the user's ID and password. SQL Server does this by checking whether a SQL Server login with this user's ID and password has been created.

This login must first be created by a SQL Server administrator, with a SQL Server tool. If a SQL Server login has not been set up, authentication fails and the user receives an error. For more information, see Setting Database Owner and Security Administration Permissions.

The user is granted access to the server after their login has been authenticated. Database security then validates the user's permissions by checking the database user accounts on the server. The permissions that the user has been granted to the various objects within the database, such as tables, are determined by the information contained in the user's database user account. This account also contains information about any additional permissions that the user may have been granted to alter the database itself.

Users and Credential Types
Security Considerations