Skip to main content

Permission Issues on Posting after deploying Extension in Business Central Production Tenant

Introduction:
Issues when you deploy your app in Business Central Production VS Business Central Sandbox. Let us what are the implications of the statement.
In my last blog () I have already pointed out the difference in Profile as to how can create new Profile in Business Central Sandbox but the same is not possible in Business Central Production.

Pre-requisite:
Microsoft Dynamics Business Central (SaaS)

Demonstration:
1. I was working with General Journals after deploying the App in Production Environment.
Suddenly during posting I go this error.


2. To Verify this issue is not of Permission Set, I gave the User SUPER Permission and tried again.

I got the same error despite giving SUPER Permission. Again the same the error, so I checked the Effective Permissions.


I noticed that Table G/L Entry has an Indirect Permission.
I replicated the same Production in Sandbox. But I didn’t find any issue like this.


3. Moreover, I noticed that when I uninstall the App, the Production works perfectly and I cannot replicate the same in Sandbox hence no debugging.

4. I also noticed that there is something called as Entitlement which are more superior than Permission Sets.


5. There was also an ambiguity sometimes in Permission Sets after I remove the App from Production sometimes I could Effective Permissions for  G/L Entry as Indirect and sometimes I could see then as Yes(Enabled).

I  didn’t have any Option other than harassing Microsoft Support for this as my client was going live in next 20 hrs.

6. Microsoft’s Solution: Microsoft found that there should be Permission for the extension to Insert into G/L Entry.

With the help of Aananth Rajadevan(https://www.linkedin.com/in/aananth-rajadevan-a342265a/) from Microsoft Support, we collaborately figured out that since it is an Indirect Permission, we need to put the Permissions in the Object itself.

7. Finally adding Permission in the Objects as per the screenshot, this resolved the issue.



Output:


Conclusion:
From this I can conclude that there is a lot of difference between Sandbox and Production tenant. There are two ways of dealing with this.
1. Production and Sandbox Tenants need to be complete in Sync in terms of the Opertability.
2. Enable Debugging on Production so atleast the Partner can figure it out on their own.
Additionally(I say this from a Developers/ Consultants view here), give access to Global Administrators to Business Central Production / Sandbox through PowerShell so they don’t have to harass Microsoft Support everytime there is any issue.

Comments

Unknown said…
This is confusing, sorry.

You did not explain which object you added permissions to and what that object does (related to the problem).

The Object here was an G/L Entry Table extension object.
If I do not add the permissions in another object which creates,modifies and deletes the data in G/L Entry, I will be getting an error.
So, I need to add Permissions in an object which is trying to access G/L Entry Object.
Unknown said…
Well, that was always the case.
Also with C/AL.
And it was not mentioned that your addin creates it's own g/l entries.
Therefore I was confused.
Unknown said…
In the older versions of Nav it wasnt - super was it said on the tin. This has caught us out for the same reasons testing in sandbox was fine then permission issue in production not related to permission but entitlement, would be nice to apply this in sandbox (on and off as I can see sometimes you may not want it) so we dont hit it in production. Thanks for the post was beginning to think it was just us.
Well, good to hear that. Hope you got the resolution through the blog.
Thanks.

Popular posts from this blog

Understanding and How to use APIs Business Central - 2

Introduction:
In my last blog post (Business Central API -1 ) on Creating API in Business Central, we discussed all the commonly used properties of the page, query, and controls like field and data-item. In today's blog, we will be diving deeply into the validation of the data passed through the API endpoint, how it enters into the source tables and is manipulated to be inserted/modified into single or multiple tables.
Also, I will be demonstrating how APIs are to be used.

Pre-requisites:
Microsoft Dynamics Business Central (SaaS)VS Code(https://code.visualstudio.com/download)AL Language Extension(https://tinyurl.com/yyvzxwkb)API V1 from Business Central On-Premise DVD
Books & References:
API V1 from Business Central On-Premise DVDAPI(V1.0) for Business Central (Click Here)API(Beta) for Business Central (Click Here)
Theory:
Understanding API in Business Central 1. BINDSUBSCRIPTIONS: Use to trigger IntegrationEvent for the Codeunit stated in parameters whenever the function calling BI…

Creating APIs in Business Central - 1

Introduction:
While writing a blog on Automated Testing in Business Central, I was going through sample apps provided by Microsoft and realized that the complexity is nowhere close to what examples Microsoft has provided on docs.microsoft.com. In this blog, I will try to explain how APIs work and how to be creative with the implementation. Also, an API which were in beta are finally out with version V1.0 in the April 2019 release let's see some important key things from development aspects.
This blog is going to be theoretical one kindly bear with me.


Pre-requisites:
Microsoft Dynamics Business Central (SaaS)VS Code(https://code.visualstudio.com/download)AL Language Extension(https://tinyurl.com/yyvzxwkb)API V1 from Business Central On-Premise DVD
Books & References:
API V1 from Business Central On-Premise DVDAPI(V1.0) for Business Central (Click Here)API(Beta) for Business Central (Click Here)
Solution:

Key Requirements:
API source table must have an Id(GUID) field per record for m…

Enum Object in Business Central - How to create and how to extend!

Introduction:
Since the dawn of Business Central Era (2nd April 2018 - Today), there are many new data types introduced by Microsoft.
One such data type is Enum(Enumeration). Essentially, what enumeration is having a single select value with multiple options at a given time!
Well, I know what your thinking what about the 'Option' data type.
Anyways, enough of talking let's just dive in!

Disclaimer:The knowledge in this blog is true and complete to the best of authors and publishers knowledge. The author and publisher disclaim any liability in connection with the use of this information.
Pre-requisites:
Microsoft Dynamics Business Central (SaaS or On-Premise)
VS code with AL Language extension

Code:
1. Enum as an Object:
Just like Tables and Pages, Enum behaves like an Object.
Note that Extensible means that the Enum Object can be extended in another module. By default, this property is set to TRUE.



Enums and Enum Extensions behave differently. They follow a different number se…