Permissions Overview

BRC Risk Management implements a least-privilege security model with three permission sets providing granular access control based on user roles and responsibilities.

Security Principles

Permission Set Hierarchy

BRC RISK - ADMIN
    ├── All BRC RISK - EDIT permissions
    └── Setup and configuration rights

BRC RISK - EDIT  
    ├── All BRC RISK - VIEW permissions
    └── Create/modify operational data

BRC RISK - VIEW
    └── Read-only access to risk data

Permission Sets Detail

BRC RISK - VIEW (Read-Only Access)

Purpose: Read-only access to risk data for general users and executives who need risk visibility without data modification capabilities.

Target Users:

Permissions Granted:

Object TypeObject NameReadInsertModifyDelete
Tables
TableBusiness Entity
TableRisk Level
TableRisk Watch List
TableRisk Watch List Line
TableAPI Call Ledger✅*
TableRisk Setup✅**
Pages
PageBusiness Entity List
PageBusiness Entity Card
PageRisk Watchlists
PageRisk Manager Role Center---
PageCustomer Card (Risk FactBox)---
PageVendor Card (Risk FactBox)---

*API Call Ledger shows sanitized data with API keys masked
**Risk Setup read-only for display purposes, no sensitive data access

Functional Capabilities:

Use Case Examples:

BRC RISK - EDIT (Standard Operational Access)

Purpose: Full operational access for users who actively manage risk data and monitoring processes.

Target Users:

Permissions Granted:

Includes all BRC RISK - VIEW permissions, plus:

Object TypeObject NameReadInsertModifyDelete
Tables
TableBusiness Entity
TableRisk Watch List
TableRisk Watch List Line
Actions & Codeunits
ActionFetch Risk DataExecute---
ActionLink to EntityExecute---
ActionAdd to WatchlistExecute---
CodeunitRisk Data FetcherExecute---
CodeunitEntity Linking ManagerExecute---
CodeunitWatchlist ManagerExecute---

Additional Functional Capabilities:

Use Case Examples:

BRC RISK - ADMIN (Full Administrative Access)

Purpose: Complete administrative access for system configuration, setup, and maintenance.

Target Users:

Permissions Granted:

Includes all BRC RISK - EDIT permissions, plus:

Object TypeObject NameReadInsertModifyDelete
Tables
TableRisk Setup❌*
TableRisk Level
TableRisk Level Threshold
TableAPI Call Ledger✅**
Pages & Setup
PageRisk Setup Card--
PageRisk Level List/Card
PageAssisted SetupExecute---
Codeunits & Administration
CodeunitAPI ClientExecute---
CodeunitJob Queue HelperExecute---
CodeunitRisk Setup ManagementExecute---
CodeunitSystem DiagnosticsExecute---

*Risk Setup record cannot be deleted (system integrity)
**API Call Ledger cleanup for maintenance purposes

Administrative Capabilities:

Use Case Examples:

Role-Based Assignment Guidelines

Assignment Recommendations

User RoleRecommended Permission SetRationale
Business Users
Executive/C-LevelBRC RISK - VIEWStrategic oversight, no operational needs
Sales RepresentativeBRC RISK - VIEWCheck customer risk before quotes
Customer Service RepBRC RISK - VIEWUnderstand customer context
Finance ManagerBRC RISK - VIEW or EDIT*Analysis needs, may require data updates
Operational Users
Credit AnalystBRC RISK - EDITActive risk data management
Risk ManagerBRC RISK - EDIT or ADMIN*Depends on setup responsibilities
AR/AP ManagerBRC RISK - EDITMonitor payment risk, fetch updates
Treasury StaffBRC RISK - EDITManage financial exposure
System Users
Application AdminBRC RISK - ADMINSystem configuration and maintenance
IT AdministratorBRC RISK - ADMINTechnical setup and troubleshooting
Implementation ConsultantBRC RISK - ADMINInitial setup and configuration

*Role may require higher permission set depending on organization structure

Permission Assignment Process

Via Business Central User Interface

  1. Access User Management

    • Search for “Users” in Business Central
    • Open the Users page

  2. Select User

    • Find the specific user in the list
    • Click on the user to open the User Card

  3. Assign Permission Set

    • Navigate to User Permission Sets section
    • Click New to add permission set
    • Select appropriate BRC RISK permission set
    • Set Company scope (leave blank for all companies)
    • Click OK to confirm

  4. Verify Assignment

    • Confirm permission set appears in user’s list
    • Test user access to ensure proper functionality

Via PowerShell (Bulk Assignment)

# Example: Assign BRC RISK - VIEW to multiple sales users
$Users = @("sales1@company.com", "sales2@company.com", "sales3@company.com")
foreach ($User in $Users) {
    Add-NAVUserPermissionSet -ServerInstance BC240 -UserName $User -PermissionSetId "BRC RISK - VIEW"
}

Permission Validation

Testing User Access

For VIEW Users:

For EDIT Users:

For ADMIN Users:

Security Considerations

Sensitive Data Access

API Credentials:

Customer/Vendor Data:

Compliance Requirements

Data Protection:

Financial Regulations:

Troubleshooting Permissions

Common Issues

User Cannot See Risk Data:

  1. Verify BRC RISK permission set is assigned
  2. Check underlying Customer/Vendor table permissions
  3. Confirm user has company access where data exists
  4. Validate risk data exists for the entities being viewed

User Cannot Fetch Risk Data:

  1. Confirm user has BRC RISK - EDIT or ADMIN permission set
  2. Verify API configuration is complete (ADMIN task)
  3. Check Job Queue permissions for background processing
  4. Validate network connectivity and API credentials

Setup Pages Not Accessible:

  1. Verify user has BRC RISK - ADMIN permission set
  2. Check for conflicting permission sets that might restrict access
  3. Confirm user session hasn’t timed out
  4. Validate Business Central version compatibility

Permission Conflicts

Overlapping Permission Sets:

Object-Level Conflicts:

For implementation questions or permission assignment assistance, refer to the Support section or contact your Business Central administrator.