About Confidential Data Protection

Confidential Data Protection is a Business Central extension that helps you protect your sensitive and confidential data from unauthorized access. It allows you to designate specific users as SUPER administratorspecify which tables contain confidential datamark G/L accounts as “Confidential”generate restricted permission setsresolve confidentiality-violating permission set assignments, and get better insights into permission sets.

Why Confidential Data Protection?

In many businesses, there is certain data that should not be exposed to all users, such as financial transactions, budgets, salaries, contracts, etc. However, by default, Business Central does not provide a way to restrict access to this data based on the content of the records. For example, if a user has the permission assigned to view the G/L Entry table, they will be able to see all the entries in that table, regardless of the G/L account(s) they are related to. However, many users would not be able to perform their daily tasks without this table permission, and it is common for users to have this permission.

This poses a serious risk for your business, as it can compromise your data securityprivacy, and compliance. Moreover, it can affect your users’ productivity and performance, as they will have to deal with a lot of irrelevant and distracting information.

Confidential Data Protection solves this problem by enabling you to define which data should be treated confidentially, and who can access that data, at a more granular level. It also helps you to manage your permission sets more efficiently and effectively, by providing you with tools to monitor and resolve any issues related to data confidentiality.

How Confidential Data Protection Works

Confidential Data Protection works by adding a layer of security and control over your data and permission sets.
The extension achieves this by adding the following features to your Business Central environment:

  • SUPER Administrators
    Designate specific users as SUPER administrators, who will be the only users able to assign the SUPERSUPER (DATA) and SECURITY permission sets to other users. This way, you can limit the number of users who have and can grant full access to your system and data.

    Set up SUPER administrator users

    Set up SUPER administrator users

  • Confidential Tables
    Specify which tables and which records in your Business Central environment contain confidential data. By default, the extension suggests to consider the G/L Entry and G/L Budget Entry tables as containing confidential data for which access needs to be restricted.

    Set up tables that should be considered as containing confidential data and should be treated and protected accordingly.

    Set up tables that should be considered as containing confidential data and should be treated and protected accordingly.

  • Confidential G/L Accounts
    Mark G/L accounts as “Confidential”, so that the related G/L data for these accounts will not be exposed to users who have access to the G/L Entry table. Instead, only users who have explicit permission to view the confidential accounts will be able to see the entry data for those accounts.

    Confidential G/L Accounts

    Protect G/L data for G/L accounts that relate to confidential data by marking specific G/L accounts as “Confidential”. This way users will not have access to the G/L data related to that G/L account, not even from calculated flowfields.

  • Restricted Permission Sets
    Protect your Business Central environment(s) against confidentiality-violating permission set assignments using Restricted Permission Sets that exclude access to confidential table data.

    Restricted Permission Set Example

    The extension automatically protects you against attempts to create confidentiality-violating permission set assignments.

  • Confidentiality Violation Resolution
    Identify and resolve any permission set assignments that violate your data confidentiality rules.

    Identify and Resolve Violations

    Identify and resolve confidentiality-violating permission set assignments.

  • Permission Set Insights
    Get better insights into your permission sets and their properties and usages.

    Get better insights into permission set properties and usage

    Get better insights into your permission sets, and their properties and usages.


You can try out the Confidential Data Protection extension completely for free  by installing it directly from Microsoft AppSource in one of your Business Central Sandbox environments.
No trial period, no obligations!

Just install the extension directly from Microsoft AppSource and try it out right away.

Curious about the pricing for Production use? Please check out our Prices page for detailed information about the pricing for each of our apps.