Required Permissions
Assign the following permissions based on the operation to be performed:
- Read operations: The registered Azure Active Directory application must have the Automation.ReadWrite.All permission on the Azure Portal. The Azure Active Directory application must also be a member of the D365 AUTOMATION and D365 SECURITY groups on Business Central Online.
- Write operations: In addition to the permissions required for read operations, the Azure Active Directory application or the delegated user of the refresh token must be assigned the SUPER permission set on Business Central Online.
Perform the following steps to assign the permissions:
- The Client Credentials / JWT Certificate Credentials Grant Type requires the following permissions on the Azure Active Directory application:
  - Under API permissions, select Add Permissions, and then select Dynamics 365 Business Central > Application Permissions > Automation.ReadWrite.All.
  - After assigning the permission, select Grant admin consent for...
  - Add the same application on Dynamics Business Central using the Azure Active Directory Applications page. Assign D365 AUTOMATION and D365 SECURITY under the User Groups table, and clear the value in the Company Name column if present.
  - To support all write operations, assign the SUPER permission set under the User Permissions table, and clear the value in the Company Name column if present.
  - After assigning the permissions, select Grant Consent and enable the toggle.
- The Refresh Token Grant Type requires the following permission on the Azure Active Directory application:
  - Under API permissions, select Add Permissions > Dynamics 365 Business Central > Delegated permissions > user_impersonation.
  - The Business Central user under which the access code and refresh token are generated must be a member of the D365 AUTOMATION and D365 SECURITY groups to support read operations, and must be assigned the SUPER permission set to support write operations.
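After completing the steps above, you can confirm that a freshly issued access token carries the permission you granted. The following is an added example, not part of the original documentation: it decodes the token payload for inspection only (no signature validation) and assumes the standard Azure AD access-token claims, `roles` for application permissions and `scp` for delegated permissions. The function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permission names come from the page; "roles" and "scp" are the standard
# Azure AD access-token claims (assumption: the token is an Azure AD JWT).
APP_PERMISSION = "Automation.ReadWrite.All"
DELEGATED_PERMISSION = "user_impersonation"


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_grant(token: str, grant_type: str) -> list:
    """Return a list of problems; an empty list means the permission is present."""
    claims = decode_claims(token)
    problems = []
    if grant_type == "client_credentials":  # also covers JWT certificate credentials
        if APP_PERMISSION not in claims.get("roles", []):
            problems.append(f"roles claim lacks {APP_PERMISSION}; re-check admin consent")
        if "scp" in claims:
            problems.append("token carries scp: it is a delegated token, not app-only")
    elif grant_type == "refresh_token":
        if DELEGATED_PERMISSION not in claims.get("scp", "").split():
            problems.append(f"scp claim lacks {DELEGATED_PERMISSION}")
    else:
        raise ValueError(f"unknown grant type: {grant_type}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the check can be run offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    granted = make_sample_token({"roles": [APP_PERMISSION]})
    not_granted = make_sample_token({"roles": []})
    print(check_grant(granted, "client_credentials"))
    print(check_grant(not_granted, "client_credentials"))
```

The token only reflects the Azure Active Directory side. Membership of D365 AUTOMATION and D365 SECURITY and the SUPER permission set are held in Business Central and must be checked there.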