All application objects must be covered by a PermissionSet

Properties
AC0010 Warning Design Code Fix Ignore Obsolete

A well-packaged extension ships with permission sets that cover every application object it introduces. When tables, pages, codeunits, reports, queries, or xmlports are not included in any permission set or permission set extension, administrators must manually discover and grant permissions for each uncovered object before users can work with the extension.

For tables with the default Normal table type, both Table and TableData permissions are required — missing either one triggers a separate diagnostic.

Define permission sets in your extension that cover every application object, so that assigning the permission set is all an administrator needs to do.

Example

The following table is not covered by any permission set:

table 50100 "Reward" // All application objects must be covered by a PermissionSet [AC0010]
{
    fields
    {
        field(1; "No."; Code[20]) { }
        field(2; Description; Text[100]) { }
    }
}

Create a permission set that includes the table:

permissionset 50100 "Reward - Admin"
{
    Assignable = true;
    Caption = 'Reward - Admin';

    Permissions = table "Reward" = X,
                  tabledata "Reward" = RIMD;
}

When the diagnostic is reported

  • The object is a codeunit, page, query, report, table, or xmlport.
  • No permissionset or permissionsetextension in the extension (defined in AL or XML) grants a permission for the object.
  • For tables with TableType = Normal, Table and TableData permissions are checked independently. Non-normal tables (temporary, CDS integration) require only the Table permission.

Exception

Objects with the InherentPermissions property are excluded from the check. This property grants permissions at the object level, making explicit permission set coverage unnecessary.

See also