Skip to main content

Permission Issues on Posting after deploying Extension in Business Central Production Tenant

Introduction:
Issues when you deploy your app in Business Central Production VS Business Central Sandbox. Let us what are the implications of the statement.
In my last blog () I have already pointed out the difference in Profile as to how can create new Profile in Business Central Sandbox but the same is not possible in Business Central Production.

Pre-requisite:
Microsoft Dynamics Business Central (SaaS)

Demonstration:
1. I was working with General Journals after deploying the App in Production Environment.
Suddenly during posting I go this error.


2. To Verify this issue is not of Permission Set, I gave the User SUPER Permission and tried again.

I got the same error despite giving SUPER Permission. Again the same the error, so I checked the Effective Permissions.


I noticed that Table G/L Entry has an Indirect Permission.
I replicated the same Production in Sandbox. But I didn’t find any issue like this.


3. Moreover, I noticed that when I uninstall the App, the Production works perfectly and I cannot replicate the same in Sandbox hence no debugging.

4. I also noticed that there is something called as Entitlement which are more superior than Permission Sets.


5. There was also an ambiguity sometimes in Permission Sets after I remove the App from Production sometimes I could Effective Permissions for  G/L Entry as Indirect and sometimes I could see then as Yes(Enabled).

I  didn’t have any Option other than harassing Microsoft Support for this as my client was going live in next 20 hrs.

6. Microsoft’s Solution: Microsoft found that there should be Permission for the extension to Insert into G/L Entry.

With the help of Aananth Rajadevan(https://www.linkedin.com/in/aananth-rajadevan-a342265a/) from Microsoft Support, we collaborately figured out that since it is an Indirect Permission, we need to put the Permissions in the Object itself.

7. Finally adding Permission in the Objects as per the screenshot, this resolved the issue.



Output:


Conclusion:
From this I can conclude that there is a lot of difference between Sandbox and Production tenant. There are two ways of dealing with this.
1. Production and Sandbox Tenants need to be complete in Sync in terms of the Opertability.
2. Enable Debugging on Production so atleast the Partner can figure it out on their own.
Additionally(I say this from a Developers/ Consultants view here), give access to Global Administrators to Business Central Production / Sandbox through PowerShell so they don’t have to harass Microsoft Support everytime there is any issue.

Comments

Unknown said…
This is confusing, sorry.

You did not explain which object you added permissions to and what that object does (related to the problem).

The Object here was an G/L Entry Table extension object.
If I do not add the permissions in another object which creates,modifies and deletes the data in G/L Entry, I will be getting an error.
So, I need to add Permissions in an object which is trying to access G/L Entry Object.
Unknown said…
Well, that was always the case.
Also with C/AL.
And it was not mentioned that your addin creates it's own g/l entries.
Therefore I was confused.
Unknown said…
In the older versions of Nav it wasnt - super was it said on the tin. This has caught us out for the same reasons testing in sandbox was fine then permission issue in production not related to permission but entitlement, would be nice to apply this in sandbox (on and off as I can see sometimes you may not want it) so we dont hit it in production. Thanks for the post was beginning to think it was just us.
Well, good to hear that. Hope you got the resolution through the blog.
Thanks.

Popular posts from this blog

Creating APIs in Business Central - 1

Introduction:
While writing a blog on Automated Testing in Business Central, I was going through sample apps provided by Microsoft and realized that the complexity is nowhere close to what examples Microsoft has provided on docs.microsoft.com. In this blog, I will try to explain how APIs work and how to be creative with the implementation. Also, an API which were in beta are finally out with version V1.0 in the April 2019 release let's see some important key things from development aspects.
This blog is going to be theoretical one kindly bear with me.


Pre-requisites:
Microsoft Dynamics Business Central (SaaS)VS Code(https://code.visualstudio.com/download)AL Language Extension(https://tinyurl.com/yyvzxwkb)API V1 from Business Central On-Premise DVD
Books & References:
API V1 from Business Central On-Premise DVDAPI(V1.0) for Business Central (Click Here)API(Beta) for Business Central (Click Here)
Solution:

Key Requirements:
API source table must have an Id(GUID) field per record for m…

How Business Central Modern Client Reverse Compatibility With NAV Can Help You Improve Your Work.

Introduction: Today, I was playing around with Business Central Modern Client (Windows App).
Out of curiosity I was trying to login to one of my NAV 2017 through SSO.
Pre-requisites: Microsoft Dynamics NAV with SSO configured
Microsoft Dynamics Business Central
Demonstration: 1. Business Central App - Main Page:

Clicking on locally hosted service and putting in the credentials configured for NAV 2017 SSO, we get.
Still skeptical when Business Central login into NAV.

2. Business Central App - Reverse compatible with NAV 2017:


Well well well...
Look whose here.
NAV disguised as  Dynamics 365 for Financials.

I think we all agree that Business Central Modern Client is a WebApp version of Busines Central Online. Basically just like browser in an App.
The difference is that it can connect to NAV as it is just like a browser.

3. Does Business Central Modern Client follow DynamicsNAV protocol?:
Well, it simply does not.
It would be amazing  if it did, as it would mean that we could deal with runni…

Generic way of Attaching Documents on any Record of the Page in Microsoft Dynamics Business Central - Template Code

Problem Statement: In Microsoft Business Central, there is a way to attach attachments only on Documents or Master Table records. But, what if this requirement is for other tables such as Opportunities, custom tables, etc. Introduction: I have seen many developers afraid to touch the attachment-related customization as it seems complicated.
Well, I have found a solution and here it goes.
In this blog, I'm attempting to create a generic template for code that needs to have an attachment feature on any table that you like using AL Code.
This means that you simply cannot copy-paste the same code for all the tables but a simple change in variable sub-type will ease your work significantly
Pre-requisites:Microsoft Dynamics Business CentralVS CodeAl Language ExtensionSource Code:https://github.com/olisterr/Generic-Attachment-Template Demonstration:1. How it works:
Document Attachment is a table which stores a few things that help in tracking information related to the attachment

The main u…