Agents in Business Central – part 3 – limiting the agent

In the first article of this series, we explored the architecture behind agents in Business Central—how they work, how tasks flow through the orchestrator, and how the environment interacts with agent‑driven processes. (Agents in Business Central – part 1 – the architecture – Discover Microsoft Business Central)
In the second article, we focused on one of the most crucial elements: how to give your agent effective and reliable instructions so it can act consistently and intelligently. (Agents in Business Central – part 2 – the prompt – Discover Microsoft Business Central)

Now, in Part 3, we shift gears from capability to control.

Limit the Agent Itself

Agents operate as a dedicated “user” in Business Central, running tasks in separate sessions. This means they must be treated like any other user from a security perspective.
That is why you can limit the agent in a couple of ways:

  • Assign a specific role center
  • Limit pages
  • Give permissions

Specific role center

Creating a custom role center for agents (or users) interacting with agents can dramatically reduce complexity.
This ensures only the essential pages, parts, and actions are visible to the agent.
That way, the agent can only navigate to and use these parts (the agent cannot use the Tell Me function!).
For example:

So now the agent can only use Items and purchase orders (or even go to the titles).
In the Agent Setup you can assign the role center:

Limit pages

Besides the role center, you also have to limit the fields and actions an agent can see.
Fewer fields and actions = fewer surprising scenarios = fewer unpredictable outcomes.

In AL you can do this with the pagecustomization object (or do it in the UI with the Customize profile option in BC).
To start, always use the properties ClearLayout, ClearActions and (on list pages) ClearViews to hide elements the app does not depend on.

In the details for each step (the log entry from each agent task), you can also see what the agent is seeing:

This way you can clearly see what your customized page looks like for the agent.

Give permissions

Whether you are building:

  • a prototype in the Agent Playground
  • a full AL‑based agent for production
  • or an internal automation for specific scenarios

…security must always come first.

Create a dedicated permission set for each agent. Avoid giving agents super permissions:

So if, for example, your agent can see customers but does not have the permissions to open the page, it will get an error. Therefore, please also test those parts in your test scenarios!
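
The three limits described above (role center, page customization, dedicated permission set) combined in one AL example. This is an added example, not code from the original article or from Microsoft. All object IDs and names are hypothetical, the selection of table permissions is an assumption, and it assumes that Visible = true re-shows a control after ClearLayout has hidden everything.

```al
// Added example: all object IDs and names below are hypothetical.
page 50100 "Item Agent Role Center"
{
    PageType = RoleCenter;
    Caption = 'Item Agent';

    actions
    {
        area(Embedding)
        {
            // Only these two entry points are offered to the agent.
            action(Items) { ApplicationArea = All; Caption = 'Items'; RunObject = page "Item List"; }
            action(PurchaseOrders) { ApplicationArea = All; Caption = 'Purchase Orders'; RunObject = page "Purchase Order List"; }
        }
    }
}

pagecustomization "Item Agent Item List" customizes "Item List"
{
    // Hide everything first, then re-show only what the agent needs
    // (assumption: Visible = true re-shows a control after ClearLayout).
    ClearLayout = true;
    ClearActions = true;
    ClearViews = true;

    layout
    {
        modify("No.") { Visible = true; }
        modify(Description) { Visible = true; }
    }
}

profile "ITEM AGENT"
{
    Caption = 'Item Agent';
    RoleCenter = "Item Agent Role Center";
    Customizations = "Item Agent Item List";
}

permissionset 50100 "Item Agent"
{
    Assignable = true;
    Caption = 'Item Agent';
    // Least privilege (assumed scope): read items, create and edit purchase orders, no delete.
    Permissions =
        tabledata Item = R,
        tabledata "Purchase Header" = RIM,
        tabledata "Purchase Line" = RIM,
        page "Item List" = X,
        page "Purchase Order List" = X,
        page "Purchase Order" = X;
}
```

Extend the permission set only in response to the permission errors your test scenarios surface, rather than starting from a broad set and trimming.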

Effective Permissions: The Intersection Model

One important detail that is easy to miss in early previews: an agent never runs solely with its own assigned permission sets.
Business Central executes agent tasks with the intersection of the agent’s permissions and the permissions of the last user who interacted with the task.
This means an agent can never perform an action that the triggering user themselves does not have access to.
When a user schedules a task for an agent, Business Central uses only the permissions both parties share. If the agent later requests human intervention, the permissions are recalculated using the user who responded, which might be different from the task creator.
This behavior is confirmed in Microsoft’s documentation, which explicitly states that scheduled agent tasks run with “permissions from the intersection of the user’s permissions and the agent’s permissions” and continue with the permissions of whichever user responded to an intervention request.
Set up agent permissions and profiles (preview) – Business Central | Microsoft Learn

User Permissions | Agent Permissions | Effective Permissions
-----------------|-------------------|------------------------
Read, Modify     | Read              | Read
Read             | Read, Delete      | Read
Modify only      | Read only         | (none) → denied actions
