Fixed – Authorization failed. The client with object id does not have authorization to perform action ‘Microsoft.Authorization/roleAssignments/write’ over scope ‘/subscriptions’ while configuring Azure Synapse Link for Dataverse


Recently, while configuring Azure Synapse Link for Dataverse to export data to Azure Data Lake, we got the below error –

{"code":"AuthorizationFailed","message":"The client 'abc' with object id 'd56d5fbb-0d46-4814-afaa-e429e5f252c8' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/30ed4d5c-4377-4df1-a341-8f801a7943ad/resourceGroups/RG/providers/Microsoft.Storage/storageAccounts/saazuredatalakecrm/providers/Microsoft.Authorization/roleAssignments/2eb81813-3b38-4b2e-bc14-f649263b5fcf' or the scope is invalid. If access was recently granted, please refresh your credentials."}


As well as the below error –


As the error suggests, the user account used did not have the appropriate role(s) assigned.

The user needs to have the Owner as well as Blob Storage Data Contributor role on the Azure Data Lake Storage Gen2 account.
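An added example (not from the original post): a Python check that takes the error message above plus the caller's role assignments and reports which of the two required roles are missing on the storage account, counting assignments inherited from a parent scope. The assignment list is constructed sample data shaped like `az role assignment list` JSON output, the function names are hypothetical, and the blob role is written with Azure's built-in name, Storage Blob Data Contributor.

```python
import re

REQUIRED_ROLES = {"Owner", "Storage Blob Data Contributor"}
# Message text of the error quoted in the post, with quotes normalised to ASCII.
ERROR_MESSAGE = (
    "The client 'abc' with object id 'd56d5fbb-0d46-4814-afaa-e429e5f252c8' "
    "does not have authorization to perform action "
    "'Microsoft.Authorization/roleAssignments/write' over scope "
    "'/subscriptions/30ed4d5c-4377-4df1-a341-8f801a7943ad/resourceGroups/RG"
    "/providers/Microsoft.Storage/storageAccounts/saazuredatalakecrm"
    "/providers/Microsoft.Authorization/roleAssignments/"
    "2eb81813-3b38-4b2e-bc14-f649263b5fcf' or the scope is invalid."
)
SUB = "/subscriptions/30ed4d5c-4377-4df1-a341-8f801a7943ad"
OID = "d56d5fbb-0d46-4814-afaa-e429e5f252c8"
# Constructed sample, shaped like `az role assignment list --all --assignee <id> -o json`.
SAMPLE_ASSIGNMENTS = [
    {"principalId": OID, "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": SUB + "/resourceGroups/RG"},    # inherited by the storage account
    {"principalId": OID, "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/RG2"},   # different resource group, does not apply
]


def parse_error(message):
    """Return (object_id, action, resource_scope) from an AuthorizationFailed message."""
    m = re.search(r"object id '([^']+)'.*?action '([^']+)'.*?over scope '([^']+)'", message)
    if not m:
        raise ValueError("not an AuthorizationFailed message")
    object_id, action, scope = m.groups()
    # The scope names the role assignment being written; the resource it targets
    # is everything before the trailing Microsoft.Authorization segment.
    resource = re.split(r"/providers/Microsoft\.Authorization/", scope, flags=re.I)[0]
    return object_id, action, resource


def covers(assignment_scope, resource):
    """An assignment applies at its own scope and is inherited by child scopes."""
    a, r = assignment_scope.rstrip("/").lower(), resource.lower()
    return r == a or r.startswith(a + "/")


def missing_roles(message, assignments):
    """Roles from REQUIRED_ROLES the caller does not hold on the target resource."""
    object_id, _, resource = parse_error(message)
    held = {a["roleDefinitionName"] for a in assignments
            if a["principalId"].lower() == object_id.lower() and covers(a["scope"], resource)}
    return sorted(REQUIRED_ROLES - held)
```

With the sample data, `missing_roles(ERROR_MESSAGE, SAMPLE_ASSIGNMENTS)` reports Owner as missing, because the only Owner assignment sits on a different resource group.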

Also check –

https://nishantrana.me/2020/09/07/error-access-to-the-resource-is-forbidden-while-trying-to-connect-to-azure-data-lake-storage-gen2-using-power-bi-desktop/

https://nishantrana.me/2021/06/24/fixed-authorizationfailed-the-client-with-object-id-does-not-have-authorization-to-perform-action-microsoft-authorization-roleassignments-write-over-scope-storageaccou/

https://docs.microsoft.com/en-us/power-apps/maker/data-platform/azure-synapse-link-synapse#prerequisites

Hope it helps..


Autonumber field values in case of exception in Dynamics 365 / CRM


Recently in one of our projects, where we were using the auto number attribute (with sequential numbers), we realized that it gets incremented even in case of an exception thrown during Pre Stage of the Plugin Execution. We were assuming the number gets incremented only after the record gets created i.e. on post-stage.

But as the documentation mentions, the number gets pre-selected as soon as the record is started.

https://docs.microsoft.com/en-us/power-apps/maker/data-platform/autonumber-fields

Let us see it in action also –

Here we have the lead record created with My Autonumber as the auto number column with seed as 1000

The auto number field has a value of 1009 currently.

Now let us register a plugin on the Pre-Create stage that throws the exception.

Let us try creating a new lead record, which as expected will throw the exception.

Let us try saving the record 3 more times, triggering the record creation as well as the plugin along with the exception.

Now let us disable the plugin step and save/create the record.

As expected the record gets created, and the auto number field has a value of 1014.

The same behavior was observed in the case of the Pre-Validation stage.

Hope it helps..

Fixed – Sorry, we need additional information to verify your identity. Please Contact Support error while creating Dynamics 365 Trial


Recently, while creating a Dynamics 365 Trial, https://dynamics.microsoft.com/en-us/dynamics-365-free-trial/, we were getting the below error during the verification step.

“Sorry, we need additional information to verify your identity. Please Contact Support”

This error could be related to the same phone number being used multiple times to create the Dynamics 365 trial, or could be related to the browser cache.

Before trying with a new phone number, we should first try creating a trial in the In-Private mode (or clear cache in the browser).

In our case, the In-Private mode worked as shown below, and we were able to create the trial.

Hope it helps..


Fixed – You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help


Recently one of the users, while accessing a few of the System User’s views, was getting the below error.

You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help.

There were a few System users’ views that were working fine.

The user had the Security Role = System Administrator; however, the Access Mode was set to Administrative.

Changing the Access Mode to Read-Write fixed the issue.

Hope it helps..


How to – Use Refresh Option to force user state synchronization in Power Platform Admin Center – Dynamics 365 / CRM


At times we would assign or update the licenses and roles assigned to the users in Microsoft 365 Admin Center, and these changes would take time to reflect inside the Dynamics 365 applications.

A background system process takes care of synchronizing the user state in Azure AD to the System User table in Dataverse.

However, here we can also use the Refresh User option in Power Platform Admin Center to force the synchronization instead of waiting.

Inside Power Platform Admin Center – navigate to Environment >> [Env] >> Settings >> Users, select the user, and click on the Refresh user option.

This will immediately start the synchronization process.

Hope it helps..


Security Enhancements – 24 hours maximum user session timeout in Dynamics 365 / CRM


With recent security enhancements in Customer engagement apps, the maximum user session timeout of 24 hours is removed.

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#user-session-timeout-management

Now it uses the Azure AD Session Policy to manage user session timeout, which by default has Azure AD refresh token expiration set as 90 days.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#refresh-and-session-token-lifetime-policy-properties

Refresh token lifetime and expiration – https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#refresh-token-lifetime

Use sign-in frequency in Conditional Access to define the period before a user is required to sign in again – https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

Earlier the default session timeout used to be 24 hours with 20 minutes for warning the user – https://nishantrana.me/2017/11/17/configure-session-timeout-and-inactivity-timeout-dynamics-365/

However, we can still override the default Azure AD Session policy, by setting the session timeout and/or inactivity timeout for the individual environment.

To set the same navigate to –

Environments > [Environment] > Settings > Privacy + Security in Power Platform Admin Center.

Specify appropriate values and save the changes.

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#configure-session-timeout

Hope it helps..