Skip to main content

Permission Issues on Posting after deploying Extension in Business Central Production Tenant

Issues when you deploy your app in Business Central Production VS Business Central Sandbox. Let us what are the implications of the statement.
In my last blog () I have already pointed out the difference in Profile as to how can create new Profile in Business Central Sandbox but the same is not possible in Business Central Production.

Microsoft Dynamics Business Central (SaaS)

1. I was working with General Journals after deploying the App in Production Environment.
Suddenly during posting I go this error.

2. To Verify this issue is not of Permission Set, I gave the User SUPER Permission and tried again.

I got the same error despite giving SUPER Permission. Again the same the error, so I checked the Effective Permissions.

I noticed that Table G/L Entry has an Indirect Permission.
I replicated the same Production in Sandbox. But I didn’t find any issue like this.

3. Moreover, I noticed that when I uninstall the App, the Production works perfectly and I cannot replicate the same in Sandbox hence no debugging.

4. I also noticed that there is something called as Entitlement which are more superior than Permission Sets.

5. There was also an ambiguity sometimes in Permission Sets after I remove the App from Production sometimes I could Effective Permissions for  G/L Entry as Indirect and sometimes I could see then as Yes(Enabled).

I  didn’t have any Option other than harassing Microsoft Support for this as my client was going live in next 20 hrs.

6. Microsoft’s Solution: Microsoft found that there should be Permission for the extension to Insert into G/L Entry.

With the help of Aananth Rajadevan( from Microsoft Support, we collaborately figured out that since it is an Indirect Permission, we need to put the Permissions in the Object itself.

7. Finally adding Permission in the Objects as per the screenshot, this resolved the issue.


From this I can conclude that there is a lot of difference between Sandbox and Production tenant. There are two ways of dealing with this.
1. Production and Sandbox Tenants need to be complete in Sync in terms of the Opertability.
2. Enable Debugging on Production so atleast the Partner can figure it out on their own.
Additionally(I say this from a Developers/ Consultants view here), give access to Global Administrators to Business Central Production / Sandbox through PowerShell so they don’t have to harass Microsoft Support everytime there is any issue.


Unknown said…
This is confusing, sorry.

You did not explain which object you added permissions to and what that object does (related to the problem).

The Object here was an G/L Entry Table extension object.
If I do not add the permissions in another object which creates,modifies and deletes the data in G/L Entry, I will be getting an error.
So, I need to add Permissions in an object which is trying to access G/L Entry Object.
Unknown said…
Well, that was always the case.
Also with C/AL.
And it was not mentioned that your addin creates it's own g/l entries.
Therefore I was confused.

Popular posts from this blog

TIP: Working with changing Field DataTypes and Deleting fields in Business Central

Imagine a scenario where as per the requirements provided by your clients, you have set up the Database structure in NAV/Business Central.
Then comes a requirement in Phase 2 which completely redefines the database structure which was provided by you and you need to delete a few fields in a table and move it to another table.

Microsoft Dynamics NAV
Microsoft Dynamics Business Central

Books & References:

1. In Microsoft Dynamics NAV, there was a flexibility to delete fields, tables, and keys and using  Force-Sync, you can directly delete the field, table, and keys from SQL Database.

2. Whereas in Microsoft Dynamics Business Central, you cannot delete the fields, keys, and tables.
In order to deploy this deleted change, you need to mention this field, table, and keys with Obsolete State Removed.

After you mention the field as…

How to actually use Profile Objects in Business Central

To 'Whomsoever This May Concern',
When I was working on a Production Deployment for one of my clients, I noticed that I could not create a Profile in Business Central Production Tenant. I was able to create new Profile in Sandbox.

Then I tried using configuration Package and modify the contents of 2000000178 Profile Table and as always configuration package blocked it.

There was no way of dealing with this other thancontacting Microsoft Support and this is the answer I get from a Support Engineer

I was on the verge to give my clients a link pointing to a specific page i.e

After being a little creative, I figured out that developing profile objects might help.

And this resolved this issue for me.

How to Run Reports when report processing takes long to cause Session Time-out.

I've observed that when NAV is used for a very long time, the report which needs heavy processing takes long enough to cause Session Time-out. So, fetching reports becomes tedious by manually querying the table.

Microsoft Dynamics NAV
Microsoft Dynamics Business Central

The solution is simple, export the Report as an Excel or PDF depending on the data and send Email to the User as an attachment after the processing is complete.

1. Create the Report in Excel Using Excel Buffer.

2. Export the Excel Buffer contents to an XLSX file.

3. Email the Exported Files to appropriate User. In this case, I have hard coded the user email to my email.


Thus adding a piece of code to send email to the User, can save a lot of hassle. In Business Central, however, it is not possible to modify an existing report. So, you need to export the existing report and merge it in AL using Text-To-Al.