Skip to main content

Permission Issues on Posting after deploying Extension in Business Central Production Tenant

Issues when you deploy your app in Business Central Production VS Business Central Sandbox. Let us what are the implications of the statement.
In my last blog () I have already pointed out the difference in Profile as to how can create new Profile in Business Central Sandbox but the same is not possible in Business Central Production.

Microsoft Dynamics Business Central (SaaS)

1. I was working with General Journals after deploying the App in Production Environment.
Suddenly during posting I go this error.

2. To Verify this issue is not of Permission Set, I gave the User SUPER Permission and tried again.

I got the same error despite giving SUPER Permission. Again the same the error, so I checked the Effective Permissions.

I noticed that Table G/L Entry has an Indirect Permission.
I replicated the same Production in Sandbox. But I didn’t find any issue like this.

3. Moreover, I noticed that when I uninstall the App, the Production works perfectly and I cannot replicate the same in Sandbox hence no debugging.

4. I also noticed that there is something called as Entitlement which are more superior than Permission Sets.

5. There was also an ambiguity sometimes in Permission Sets after I remove the App from Production sometimes I could Effective Permissions for  G/L Entry as Indirect and sometimes I could see then as Yes(Enabled).

I  didn’t have any Option other than harassing Microsoft Support for this as my client was going live in next 20 hrs.

6. Microsoft’s Solution: Microsoft found that there should be Permission for the extension to Insert into G/L Entry.

With the help of Aananth Rajadevan( from Microsoft Support, we collaborately figured out that since it is an Indirect Permission, we need to put the Permissions in the Object itself.

7. Finally adding Permission in the Objects as per the screenshot, this resolved the issue.


From this I can conclude that there is a lot of difference between Sandbox and Production tenant. There are two ways of dealing with this.
1. Production and Sandbox Tenants need to be complete in Sync in terms of the Opertability.
2. Enable Debugging on Production so atleast the Partner can figure it out on their own.
Additionally(I say this from a Developers/ Consultants view here), give access to Global Administrators to Business Central Production / Sandbox through PowerShell so they don’t have to harass Microsoft Support everytime there is any issue.


Unknown said…
This is confusing, sorry.

You did not explain which object you added permissions to and what that object does (related to the problem).

The Object here was an G/L Entry Table extension object.
If I do not add the permissions in another object which creates,modifies and deletes the data in G/L Entry, I will be getting an error.
So, I need to add Permissions in an object which is trying to access G/L Entry Object.
Unknown said…
Well, that was always the case.
Also with C/AL.
And it was not mentioned that your addin creates it's own g/l entries.
Therefore I was confused.

Popular posts from this blog

How Business Central Modern Client Reverse Compatibility With NAV Can Help You Improve Your Work.

Introduction: Today, I was playing around with Business Central Modern Client (Windows App).
Out of curiosity I was trying to login to one of my NAV 2017 through SSO.
Pre-requisites: Microsoft Dynamics NAV with SSO configured
Microsoft Dynamics Business Central
Demonstration: 1. Business Central App - Main Page:

Clicking on locally hosted service and putting in the credentials configured for NAV 2017 SSO, we get.
Still skeptical when Business Central login into NAV.

2. Business Central App - Reverse compatible with NAV 2017:

Well well well...
Look whose here.
NAV disguised as  Dynamics 365 for Financials.

I think we all agree that Business Central Modern Client is a WebApp version of Busines Central Online. Basically just like browser in an App.
The difference is that it can connect to NAV as it is just like a browser.

3. Does Business Central Modern Client follow DynamicsNAV protocol?:
Well, it simply does not.
It would be amazing  if it did, as it would mean that we could deal with runni…

TIP: Working with changing Field DataTypes and Deleting fields in Business Central

Imagine a scenario where as per the requirements provided by your clients, you have set up the Database structure in NAV/Business Central.
Then comes a requirement in Phase 2 which completely redefines the database structure which was provided by you and you need to delete a few fields in a table and move it to another table.

Microsoft Dynamics NAV
Microsoft Dynamics Business Central

Books & References:

1. In Microsoft Dynamics NAV, there was a flexibility to delete fields, tables, and keys and using  Force-Sync, you can directly delete the field, table, and keys from SQL Database.

2. Whereas in Microsoft Dynamics Business Central, you cannot delete the fields, keys, and tables.
In order to deploy this deleted change, you need to mention this field, table, and keys with Obsolete State Removed.

After you mention the field as…

How to actually use Profile Objects in Business Central

To 'Whomsoever This May Concern',
When I was working on a Production Deployment for one of my clients, I noticed that I could not create a Profile in Business Central Production Tenant. I was able to create new Profile in Sandbox.

Then I tried using configuration Package and modify the contents of 2000000178 Profile Table and as always configuration package blocked it.

There was no way of dealing with this other thancontacting Microsoft Support and this is the answer I get from a Support Engineer

I was on the verge to give my clients a link pointing to a specific page i.e

After being a little creative, I figured out that developing profile objects might help.

And this resolved this issue for me.