Skip to content

[Quality Management] [28.x] Enforce rules and restrictions with indirect and implicit permissions#9259

Open
JakovljevicDusan wants to merge 1 commit into
releases/28.xfrom
bugs/28.x-QM-EnforcingQMRulesAndRestrictionWithImplicitPermissions
Open

[Quality Management] [28.x] Enforce rules and restrictions with indirect and implicit permissions#9259
JakovljevicDusan wants to merge 1 commit into
releases/28.xfrom
bugs/28.x-QM-EnforcingQMRulesAndRestrictionWithImplicitPermissions

Conversation

@JakovljevicDusan

@JakovljevicDusan JakovljevicDusan commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

What & why

Implement InherentPermissions so users without Quality Management permissions would not silently skip mandatory Quality Inspection creation or transaction restrictions.

Automatic Quality Inspection creation is now handled like this:

  1. If there is no Quality Inspection Setup or there is no Generation Rule triggered on specific event, Quality Management code is skipped, and user does not need any Quality Management permission set. InherentPermissions for these two tables are used.

  2. However, if there is trigger, then user has to have Quality Management permissions. Otherwise, user gets standard permission error, such as this:

image
  1. Minimum is new permission set "QltyMgmt - I. Create"/'Quality Inspection - Create' which grants indirect permissions for creating inspections, without accessing or processing them further.
  • This permission set grants permission to run creation inspection manually as well, via "Create Quality Inspection" actions. But, due to AccessByPermission, View actions are hidden if user has just that Quality Management permission set.

Linked work

Fixes AB#641763

… implicit permissions (#8556)

## What & why

Implement InherentPermissions so users without QM permissions would not
silently skip mandatory Quality Inspection creation or transaction
restrictions.

Automatic Quality Inspection creation is now handled like this:
1. If there is no Quality Inspection Setup or there is no Generation
Rule triggered on specific event, QM code is skipped and user does not
need any QM permission set. InherentPermissions for these two tables is
used.
2. However, if there is trigger, then user has to have QM permissions.
Otherwise, user gets standard permission error, such as this:
<img width="561" height="266" alt="image"
src="https://github.com/user-attachments/assets/0981f1db-fd75-43c1-9c0a-151181eeec92"
/>
3. Minimum is new permission set "QltyMgmt - I. Create"/'Quality
Inspection - Create' which grants indirect permissions for creating
inspections, without accessing or processing them further.
- This permission set grants permission to run creation inspection
manually as well, via "Create Quality Inspection" actions. But, due to
AccessByPermission, View actions are hidden if user has just that QM
permission set.

## Linked work

Fixes
[AB#626330](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/626330)
@JakovljevicDusan JakovljevicDusan requested a review from a team July 8, 2026 15:40
@JakovljevicDusan JakovljevicDusan requested a review from a team as a code owner July 8, 2026 15:40
@github-actions github-actions Bot added the AL: Apps (W1) Add-on apps for W1 label Jul 8, 2026
@github-actions github-actions Bot added this to the Version 28.4 milestone Jul 8, 2026
@JakovljevicDusan JakovljevicDusan added the SCM GitHub request for SCM area label Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

AL: Apps (W1) Add-on apps for W1 SCM GitHub request for SCM area

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant