al-code-outline icon indicating copy to clipboard operation
al-code-outline copied to clipboard
verified publisher icon anzwdev

Allow setting for adding indirect permissions instead of direct permissions with quick fix add permissions

Open tkroes opened this issue 1 year ago • 5 comments

In the preview version of the Business Central LinterCop by Stefan Maroń there is a new rule to ensure that table data has the correct indirect permissions in an object. Ideally the permissions added to comply with this rule would be indirect, but currently this extension only adds direct permissions (using the light bulb/"quick fix" on an object's name to add table permissions) without option to change it to indirect. I think adding a setting for this, and defaulting it to direct permissions in order to not break existing workflows, would be ideal to solve this problem for us.

tkroes avatar Aug 23 '24 06:08 tkroes

Or add an extra options. ' Add indirect permissions to all object...'.

guidorobben avatar Oct 02 '24 14:10 guidorobben

Also replace old indirect permissions if those exists.

This

Permissions = 
        tabledata "Cust. Ledger Entry" = r;

becomes

Permissions = 
        tabledata "Cust. Ledger Entry" = Rr;

Which gives this compiler error: {C266DA26-7CA7-47EB-A6FE-D9DF805F6372}

And then we have this mess in BC25... image

Personally, I would prefer indirect permissions as default because most of our converted/new code uses those and changing them to direct will add unnecessary changes to Git diff. AFAIK, choice of direct/indirect permissions should not matter since the AL code in procedures and triggers will only use indirect permissions.

ernestasjuska avatar Oct 07 '24 16:10 ernestasjuska

Agreed, both the option to quick fix and add missing permissions on an editor and project scale with a command are crucial to quickly address the notice.

Also replace old indirect permissions if those exists.

This

Permissions = 
        tabledata "Cust. Ledger Entry" = r;

becomes

Permissions = 
        tabledata "Cust. Ledger Entry" = Rr;

I don't really understand why you would want that - wouldn't that mean that indirect permissions would never be allowed?

cegekaJG avatar Nov 07 '24 10:11 cegekaJG

The funny thing is, you never add direct permissions. You can only add indirect permissions. So to make this clear, I would change the the permissions to lowercase, so it is clear what you are adding.

guidorobben avatar Feb 24 '25 11:02 guidorobben

Hello @anzwdev , What is the current status of this task? Is it planned to be implemented?

In my opinion, this would be a valuable improvement, as it would align the generated permissions more closely with real-world usage and best practices in Business Central development. I believe the permissions should be generated as indirect, in line with the need to use the minimum required permissions in each situation. I understand that permissions added to non-visual objects, such as codeunits, tables, etc., should always be indirect, because the only objects that require direct permissions are those used for data visualization, such as pages—and even then, only for the data displayed through the SourceTable. Any other permissions added beyond that are, as I assume, always meant to be indirect. I believe that changing the process to always generate indirect permissions instead of direct ones would not introduce any breaking changes with previous versions, and it would represent a notable improvement to the product. In any case, I currently make intensive use of this command, and after generating the permissions, I manually change the generated direct permissions to indirect ones.

Finally, this command is a great help for Business Central developers, and if this improvement were possible, it would be fantastic!

Best regards, José Antonio López BC Developer at Laberit

ti-jalopez avatar Jun 05 '25 18:06 ti-jalopez