When running direct print with the SaaS (cloud) version of Business Central, you need to grant access to the direct print service to get access to print jobs.
The way the security works is that you grant access to a special type of Business Central user called Microsoft Entra Applications (previous Azure Active Directory Applications). This type of user has its own permission set. The assigned permission sets limit what this user can access in the database.
A locally installed direct print service is using the API as this user. This user requires an additional security key to access the print jobs when using the API. This security key is set up under direct print setup.
You should ensure that the permissions assigned to the AAD user only give access to the direct print functionality.