Permissions of Ventoo Shipping

Ventoo Shipping ships with two assignable permission sets. They cover two typical roles: an administrative role that maintains carriers, and a user role that requests labels.

Permission sets

Object ID	Name	Caption	Assignable
70679800	`Shipping Admin VTO`	Ventoo Shipping - Admin	Yes
70679801	`Shipping User VTO`	Ventoo Shipping - User	Yes

Table permissions per permission set

The following table shows which permissions (Read, Insert, Modify, Delete) each permission set holds on the app's tables. RIMD stands for Read, Insert, Modify, and Delete; R for read-only access.

Table	Admin	User
`Carrier Setup VTO`	RIMD	R
`Carrier Service Option VTO`	RIMD	R
`Carrier Notification VTO`	RIMD	R
`Shipping Setup VTO`	RIMD	R
`Shipment Label Header VTO`	RIMD	RIMD
`Shipment Label Line VTO`	RIMD	RIMD
`Label Service Option VTO`	RIMD	RIMD
`Label Notification VTO`	RIMD	RIMD

Recommended assignments

Shipping / IT administrator: receives the Shipping Admin VTO permission set. They maintain carriers, OAuth credentials, master data, and the global shipping setup.
Shipping / logistics clerk: receives the Shipping User VTO permission set. Users with this role can create labels, choose notifications and service options per label, and view the label list, without being able to change the carrier setup.

Sensitive data fields

The following fields are stored in Business Central IsolatedStorage and are only marked with the data classification SystemMetadata in their respective tables:

Carrier Setup VTO – OAuth Client ID
Carrier Setup VTO – OAuth Client Secret

In the carrier setup card, only the mask *** is shown when a value is stored.

Data classification

All other tables use the data classification CustomerContent, because they contain customer-related shipping data (for example delivery and pickup addresses, tracking links). Keep this in mind for data export, auditing, and GDPR data subject requests.