Scenario:  After an Microsoft update of Business Central, Environments where copies of standard Business Central permission sets are used by the company, there are new objects that can be introduced that are then missing from the copied base permission set.  This can cause related permission errors during login or processing.

Background:  In the following example this error is not a "bug" with an update. Microsoft has introduced new tables, pages, reports, etc. and if custom permission sets are assigned to users, the custom permission sets sometimes need to be adjusted to give the permission to the new objects if the user requires them or if it's a "base" object required to access the system. This is the case here, the User Environment Login table is new and users need access to it. 


Recommendation:   As of now, there's no notification of upcoming changes that will let us or users know what objects will be added so permissions can be adjusted in advance. When users get an error like the below, there's a 99.9% chance an update took place, objects were added and the solution is a permission set adjustment. SUPER users or those who manage Business Central permissions need to be aware this is part of normal permission set maintenance. 


If a system permission set was copied to create the custom sets, there can be a notification and is displayed on the screen as a popup if the notification is enabled and only when enabled by the user and only when you look at permission sets.

As part of your testing process during an update it will be important to review your copied permission sets from standard Microsoft 365 Business Central.  These are typically an environment specific copy of the "BASIC" permission set that is restricted or altered for custom functionality. 



The notification will also only display if the Notify on Changed Permission Set option is selected when the permission set is initially copied. 



I have a copy of the standard D365 BASIC role that was created and ensured to set the Notify on changed permission set:

Note that the type is "User-Defined" and is a copy of the D365 BASIC when viewing.

When opening this permission set type that has been copied, a prompt will occur as to whether to update from the Role that it was copied from and it is advised to select to do this to add new or changed permissions.