When you add the Popdock Extension to your Microsoft Dynamics 365 Business Central environment and then connect your Business Central to Popdock, Popdock creates a default widget that gives you access to all the default Business Central lists. By adding the widget ID and token to the Popdock Setup in Business Central, all users will have the same permissions to all the companies and lists.
What if you wanted to assign different lists or companies to different users?
For example, you want to assign permissions so that when users in Mexico access the widget in Business Central, they default to the Mexico company. Similarly, when users in the US access the widget, they should have access only to the US company. The following steps will take you through configuring your Popdock Security and setting up Popdock in Business Central to handle this scenario.
Adding an API User
The purpose of using an API User is to create a generic user that has specific roles, permissions, and a token. This token can be assigned to all users in the Business Central Popdock Setup page, ensuring they can only access what is specified in the following steps.
1. From the Popdock main menu, select Security.
2. In the left navigation menu, select External users.
3. Select Add external user at the top right.
4. In the Add external user window that opens, enter a Name for the first API user. Select the Add an API token option. Enter a Token name and then select Add.
5. Select the edit icon for the new user you created.
6. In the left navigation menu, select Roles.
7. Select Add a role. Then check the box next to the WidgetReader role. Then select Add.
8. In the left navigation, scroll down to the Connectors section. Find your Business Central connector that you are using for your widgets.
9. Decide what access you want this API User to have. In this example, the user will have access to 1 of the 2 companies and have access to only the lists in the sales group. They will also have access to favorites and have the ability to export to Excel. This will require the following settings:
10. In the left navigation menu, select Tokens. Copy the token somewhere so that you have it to add to the Popdock Setup page in Business Central.
11. Now that your first API User is configured, you can repeat steps 1 – 10 to create a second API User. This is where you differentiate the API Users so that they have different access. Repeat as many times as needed.
Adding a Token to Each Business Central User
1. In Business Central, select Popdock from the menu and then select Popdock Setup. You can also do a search for Popdock and then select the Popdock Setup. This is where you configure the widget that is inside your Business Central environment.
2. Here you will see the Widget ID, your Widget Region, the Security Model and Token. This Token field is if you are currently using the default Security Model of “All users share a single login“.
3. Click the edit icon at the top center of the page to edit the settings.
4. In the Security Model dropdown and select All users must have an access token. This will gray out the Token field at the top and you will now see that you can add a token to each individual user.
5. This is where you need to assign the token(s) for your API Users accordingly. By creating the API Users, you now have default tokens that can be assigned to each user, granting them specific access to the widget. When they launch the widget inside their environment, it will only allow the permissions configured for the assigned token.
By assigning individual user tokens to each Business Central user, you can grant specific permissions based on the assigned token. For example, the token assigned to ADMIN is the US user, so they have access to only the CRONUS USA, Inc. company and the specific lists they have access to. The MSOLSYNC user has access to only the My Company company and the specific lists they have access to.
For any questions or additional support, contact the eOne support team.
