SUPER – but with no access to the role center?

So you think you are SUPER, but you are not able to log in to your Microsoft Dynamics 365 Business Center using the web client? (because of some access denied error).

Well… This is not a very common error, because these needs to be true to trigger it:

  • You are trying to login using the web client
  • Your installation is using a (partner) license with an expiration date, and the expiration dates is less than a month away (so you get a warning about it on every login (in web-, windows- and development-clients)
  • Your permissions are created specific on one or more companies only – so you don’t have i.e. BASIC without a company name

Just after entering your credentials, you’ll get the warning about the expiring license:

Caution: Your program license expires in 20 days.

…and as soon as you click OK you get this (sorry about the mixup of Danish and English here – maybe that is also a part of the bug? Translation is in the image description below):

Something went wrong. You don’t have permission to use the Role Center ‘SALES ORDER PROCESSOR’. Date and time: Fri, 01 Nov 2019 14:48:45 GMT. Go back home.

Your configuration is valid and works for the windows client, but unfortunately the web client have a bug preventing this from working.

This is a platform bug I’ve found in Microsoft Dynamics 365 Business Center 13 with CU 7 (i.e. BC13 CU7 which is the October 2018 release with cumulative update 7). I’ve NOT tested other versions, but I believe that it is also an issue in the latest CU for BC13 and possible also a bug in BC14 and BC15.

This bug HAS been reported to Microsoft and will be fixed in later CUs of the respective BC versions. It was assigned bug ID 332507.

Workarounds while waiting for the fixed cumulative update?

  • Use Windows client. It is not affected by this bug
  • You can add your permission sets without a company name. Maybe even create a new one that does not really grant you access to companies you should not have access to – or simply just add “BASIC”. As long as it is without company name the web client will work
  • Avoid using a license that is about to expire. Re-new your license

Note: When hit by this error, you will also see these event log entries on the server (sorry – also partly in Danish):

Server instance: xxxxxx
 Category: Security
 ClientSessionId: 5e339103-92dd-4ba3-b4cc-874531ba692b
 ClientActivityId: 1b071e5f-13c4-4352-9a3d-a7835ca50d9a
 ServerSessionUniqueId: 759dfb07-9b76-4eeb-bf7c-8a77cb0379d1
 ServerActivityId: 585927d0-5273-43b7-9c65-cdcc612115bd
 EventTime: 11/01/2019 14:47:44
 Message (NavPermissionException): RootException: NavPermissionException
 You do not have the following permissions on TableData Profile: Read.
 To view details about your permissions, see the Effective Permissions page. To report a problem, refer to the following server session ID: '85'.
 CallerStackTrace:
    at Microsoft.Dynamics.Nav.Runtime.PermissionSetBase.VerifyPermissions(NavApplicationObjectBase securableObject, PermissionMask permissionMask, LimitedUserPermissionChecker limitedUserPermissionChecker, Func2 checkTableEmpty, PermissionMask additionalIndirectPermissions, Boolean countAsLimitedUserAllowedTable)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.VerifyPermissions(PermissionMask permissionMask, Boolean checkForEmptyTable)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.IssueFindRequest(DataError errorLevel, Boolean reversed, FindType findType, Boolean useCache)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.FindFirstRecord(DataError errorLevel)    at Microsoft.Dynamics.Nav.Runtime.NavRecord.ALFindFirst(DataError errorLevel)    at Microsoft.Dynamics.Nav.Runtime.ProfileTableDataHandler.<GetAllItems>d__1.MoveNext()    at System.Linq.Enumerable.<ConcatIterator>d__591.MoveNext() at Microsoft.Dynamics.Nav.Runtime.EagerVirtualDataProvider.TryGetByPrimaryKey(RecordIdProviderRequest request, ReadOnlyRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.InternalTryGetByPrimaryKey(RecordIdCacheRequest request, MutableRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.TryHandleAsPrimaryKeyLookup(DataCacheRequest request, Boolean cacheOnly, MutableRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.InnerFind(FindCacheRequest request, Boolean fromPosition, Func`1 onlyCurrentKeyNeededForNextRow) at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.IssueFindRequest(DataError errorLevel, Boolean reversed, FindType findType, Boolean useCache) at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.FindFirstRecord(DataError errorLevel) at Microsoft.Dynamics.Nav.Runtime.NavRecord.ALFindFirst(DataError errorLevel) at Microsoft.Dynamics.Nav.XmlMetadata.NavConfigurationProfile.GetProfileRoleCenterId(NavProfileKey profile) at Microsoft.Dynamics.Nav.XmlMetadata.MetadataProvider.GetHomepageID(NavProfileKey profileKey) at Microsoft.Dynamics.Nav.XmlMetadata.MetadataProvider.GetNavigationFrame(Boolean applyPersonalization, NavProfileKey profileKey) at SyncInvokeGetNavigationFrame(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.RunInTransactionCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.TransientErrorRetryCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.ErrorMappingCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.PushPopCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationTracer.TraceScopeCombinator(Category telemetryCategory, ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass9_0.b__0() at Microsoft.Dynamics.Nav.Runtime.NavPerformanceCounterSetter.UpdatePerformanceCountersWithAverageServiceOperationDuration(Stopwatch stopWatch, Action action) at Microsoft.Dynamics.Nav.Runtime.NavPerformanceCounterSetter.UpdatePerformanceCountersWithAverageServiceOperationAction(Action action, NavSession session) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.PerformanceCounterCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.InitClientTelemetryIdsCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.TlsClearCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at System.ServiceModel.Dispatcher.MessageRpc.Wrapper.Resume(Boolean& alreadyResumedNoLock) at System.ServiceModel.Dispatcher.ThreadBehavior.ResumeProcessing(IResumeMessageRpc resume) at Microsoft.Dynamics.Nav.Runtime.NavSynchronizationContext.<>c__DisplayClass1_0.b__0(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() ProcessId: 21660 Tag: 00000XO ThreadId: 26 CounterInformation:
Der opstod fejl under forsøg på adgang til webstedet 
 Type: Microsoft.Dynamics.Nav.Types.NavPermissionException
 Message: You do not have the following permissions on TableData Profile: Read.
 To view details about your permissions, see the Effective Permissions page. To report a problem, refer to the following server session ID: '85'.
 StackTrace:
    ved Microsoft.Dynamics.Nav.Client.ConnectionStateManager.CallServer[T](BeginCallServerMethod beginCallServerMethod, EndCallServerMethod1 endCallServerMethod, ServerCallOptions options) i S:\Depot\Platform-Core\platform\client\Shared\Prod.Client.ServiceConnection\ConnectionStateManager.cs:linje 145    ved Microsoft.Dynamics.Nav.Client.ServiceConnection.CallServer[T](BeginCallServerMethod beginCallServerMethod, EndCallServerMethod1 endCallServerMethod) i S:\Depot\Platform-Core\platform\client\Shared\Prod.Client.ServiceConnection\ServiceConnection.cs:linje 2020 ved Microsoft.Dynamics.Nav.Client.MetadataHandler.GetNavigationFrame(Boolean applyPersonalization, Boolean getNavigationFrameFromServer) i S:\Depot\Platform-Core\platform\client\Shared\Prod.Client.ServiceConnection\MetadataHandling\MetadataHandler.cs:linje 559 ved Microsoft.Dynamics.Nav.Client.Web.NavWebBuilderSessionInitializer.NavigationServiceNavigationRootNeeded(Object sender, Object e) i S:\Depot\Platform-Core\platform\client\web\Prod.Client.WebCommon\NavBuilder\NavWebBuilderSessionInitializer.cs:linje 48 ved Microsoft.Dynamics.Framework.UI.Web.ResponseManager.<>c__DisplayClass23_0.b__3() i S:\Depot\Platform-Core\platform\client\web\Prod.Client.Web\Callbacks\ResponseManager.cs:linje 175 ved Microsoft.Dynamics.Framework.UI.LogicalOperationInvoker.<>c__DisplayClass21_0.b__0() i S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Threading\LogicalOperationInvoker\LogicalOperationInvoker.cs:linje 178 ved Microsoft.Dynamics.Framework.UI.LogicalOperationInvoker.InvokeAndHandleExceptions(Func`1 action, IExceptionHandler exceptionHandler) i S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Threading\LogicalOperationInvoker\LogicalOperationInvoker.cs:linje 415 Source: Microsoft.Dynamics.Nav.Client.ServiceConnection---------------------------------- Type: Microsoft.Dynamics.Nav.Types.NavPermissionException Message: You do not have the following permissions on TableData Profile: Read. To view details about your permissions, see the Effective Permissions page. To report a problem, refer to the following server session ID: '85'. StackTrace: at Microsoft.Dynamics.Nav.Runtime.PermissionSetBase.VerifyPermissions(NavApplicationObjectBase securableObject, PermissionMask permissionMask, LimitedUserPermissionChecker limitedUserPermissionChecker, Func2 checkTableEmpty, PermissionMask additionalIndirectPermissions, Boolean countAsLimitedUserAllowedTable)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.VerifyPermissions(PermissionMask permissionMask, Boolean checkForEmptyTable)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.IssueFindRequest(DataError errorLevel, Boolean reversed, FindType findType, Boolean useCache)    at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.FindFirstRecord(DataError errorLevel)    at Microsoft.Dynamics.Nav.Runtime.NavRecord.ALFindFirst(DataError errorLevel)    at Microsoft.Dynamics.Nav.Runtime.ProfileTableDataHandler.<GetAllItems>d__1.MoveNext()    at System.Linq.Enumerable.<ConcatIterator>d__591.MoveNext() at Microsoft.Dynamics.Nav.Runtime.EagerVirtualDataProvider.TryGetByPrimaryKey(RecordIdProviderRequest request, ReadOnlyRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.InternalTryGetByPrimaryKey(RecordIdCacheRequest request, MutableRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.TryHandleAsPrimaryKeyLookup(DataCacheRequest request, Boolean cacheOnly, MutableRecordBuffer& recordBuffer) at Microsoft.Dynamics.Nav.Runtime.DataAccess.InnerFind(FindCacheRequest request, Boolean fromPosition, Func`1 onlyCurrentKeyNeededForNextRow) at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.IssueFindRequest(DataError errorLevel, Boolean reversed, FindType findType, Boolean useCache) at Microsoft.Dynamics.Nav.Runtime.RecordImplementation.FindFirstRecord(DataError errorLevel) at Microsoft.Dynamics.Nav.Runtime.NavRecord.ALFindFirst(DataError errorLevel) at Microsoft.Dynamics.Nav.XmlMetadata.NavConfigurationProfile.GetProfileRoleCenterId(NavProfileKey profile) at Microsoft.Dynamics.Nav.XmlMetadata.MetadataProvider.GetHomepageID(NavProfileKey profileKey) at Microsoft.Dynamics.Nav.XmlMetadata.MetadataProvider.GetNavigationFrame(Boolean applyPersonalization, NavProfileKey profileKey) at SyncInvokeGetNavigationFrame(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.RunInTransactionCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.TransientErrorRetryCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.<>c__DisplayClass24_1.b__1(NSServiceBase serviceInstance, Object[] inputs, Object[]& outputs) at Microsoft.Dynamics.Nav.Service.ServiceOperationInvoker.ErrorMappingCombinator(ServiceOperation innerOperation, NSServiceBase serviceInstance, MethodBase syncMethod, Object[] inputs, Object[]& outputs) Source: Microsoft.Dynamics.Nav.Ncl
Error accessing Website 
 Type: Microsoft.Dynamics.Nav.Types.NavProfileException
 Message: You don't have permission to use the Role Center 'ORDREBEHANDLER'.
 StackTrace:
    at Microsoft.Dynamics.Nav.Client.NavRunHomepagePropertyBagInvokedAction.Validate(FormPropertyBag queryParameters, UISession uiSession, Object invocationState) in S:\Depot\Platform-Core\platform\client\Shared\Prod.Client.UI\NavRunHomepagePropertyBagInvokedAction.cs:line 61
    at Microsoft.Dynamics.Framework.UI.LogicalFormActivator.GeneratePropertyBagCommand(FormPropertyBag propertyBagToUse, UISession uiSession, Object invocationState) in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\URL\LogicalFormActivator.cs:line 157
    at Microsoft.Dynamics.Framework.UI.LogicalFormActivator.ValidateAndInvokePropertyBag(FormPropertyBag propertyBagToUse, UISession uiSession, Object invocationState) in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\URL\LogicalFormActivator.cs:line 60
    at Microsoft.Dynamics.Framework.UI.OpenFormInteraction.InvokeCore(OpenFormInteractionInput logicalInteractionInput) in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Interactions\SystemInteractions\OpenFormInteraction.cs:line 0
    at Microsoft.Dynamics.Framework.UI.InteractionInvoker.Invoke[T](String interactionName, Action1 invokeMethod, T input) in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Interactions\InteractionInvoker.cs:line 42    at Microsoft.Dynamics.Framework.UI.LogicalInteraction1.Invoke(T logicalInteractionInput) in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Interactions\LogicalInteraction.cs:line 40 at Microsoft.Dynamics.Framework.UI.InteractionManager.<>c__DisplayClass8_2.b__4() in S:\Depot\Platform-Core\platform\client\Shared\Prod.ClientFwk\Interactions\InteractionManager.cs:line 125 Source: Microsoft.Dynamics.Nav.Client.UI