All application objects must be covered by a PermissionSet
A well-packaged extension ships with permission sets that cover every application object it introduces. When tables, pages, codeunits, reports, queries, or xmlports are not included in any permission set or permission set extension, administrators must manually discover and grant permissions for each uncovered object before users can work with the extension.
For tables with the default Normal table type, both Table and TableData permissions are required — missing either one triggers a separate diagnostic.
Define permission sets in your extension that cover every application object, so that assigning the permission set is all an administrator needs to do.
Example
The following table is not covered by any permission set:
table 50100 "Reward" // All application objects must be covered by a PermissionSet [AC0010]
{
fields
{
field(1; "No."; Code[20]) { }
field(2; Description; Text[100]) { }
}
}Create a permission set that includes the table:
permissionset 50100 "Reward - Admin"
{
Assignable = true;
Caption = 'Reward - Admin';
Permissions = table "Reward" = X,
tabledata "Reward" = RIMD;
}When the diagnostic is reported
- The object is a codeunit, page, query, report, table, or xmlport.
- No
permissionsetorpermissionsetextensionin the extension (defined in AL or XML) grants a permission for the object. - For tables with
TableType = Normal,TableandTableDatapermissions are checked independently. Non-normal tables (temporary, CDS integration) require only theTablepermission.
Exception
Objects with the InherentPermissions
property are excluded from the check. This property grants permissions at the object level, making explicit permission set coverage unnecessary.
See also
- PermissionSet object on Microsoft Learn
- Composing permission sets on Microsoft Learn