Friday, August 4, 2023

Dual-Write | Privileges required for Initial Sync and other considerations

Recently we were doing an initial sync for tables between Dynamics 365 Finance & Operations apps and Dataverse (Dynamics 365 Customer Engagement), and we received an error that read:

Reason: Bad Request, Header x-ms-client-request-id 8aef8aa3-2a01-493e-a0d7-347ce560e50d, Principal team (Id=b7e1929e-xxxx-xxxx-aad0-xxxx489fxxxx, type=9, teamType=0, privilegeCount=0, MetadataCachePrivilegesCount=9751, businessUnitId=b5e1929e-xxxx-xxxx-aad0-xxxx489fxxxx), is missing prvReadmsdyn_globalproduct privilege (Id=539cf392-xxxx-xxxx-b258-xxxx719b7d93) on OTC=10835 for entity 'msdyn_globalproduct' (LocalizedName='Global Product') in Business Unit: unqxxxx (Id=b5e1929e-xxxx-xxxx-aad0-xxxx489fxxxx). context.Caller=691e1af2-xxxx-xxxx-aad1-xxxx489axxxx

Sometimes, when you're excited and hurry into the action, you miss the fine details. Here they are.

Security role that is required

Every user in a customer engagement organization with dual-write must be given the Dual-Write Runtime User role. Without this role, users will be unable to create any rows in tables in the customer engagement organization.

Company and currency exchange tables are global in nature, and all dual-write users require read access to these two tables. To provide access, all dual-write users must be given the Dual-Write App User security role. If a user does not have this security role assigned to them, they will not be able to read tables that contain Company and Currency.

Access is also required to the entities (tables in Dataverse) that are in scope of dual-write. However, which privilege is required is not very clear. What you can do is create a custom role and grant the relevant privileges on the tables in scope of your dual-write integration. We had provided Create, Read and Write, which worked for us.
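To scope a custom role from evidence rather than guesswork, the sketch below parses missing-privilege errors in the format shown above and groups the denied access rights by table. It is an added example, not code from this post or from Microsoft; it assumes the Dataverse privilege naming pattern `prv<AccessRight><table>`, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Matches the "is missing prv... privilege" error format quoted in this post.
MISSING_PRIV = re.compile(
    r"Principal (?P<ptype>\w+) \(Id=(?P<pid>[^,]+),.*?"
    r"is missing (?P<priv>prv\w+) privilege.*?"
    r"for entity '(?P<table>\w+)'",
    re.DOTALL,
)
# Assumption: table privileges are named prv<AccessRight><table>.
ACCESS_RIGHTS = ("Create", "Read", "Write", "Delete", "Append", "AppendTo", "Assign", "Share")


def parse_missing_privilege(message):
    """Return principal, table and access right for one error, or None."""
    m = MISSING_PRIV.search(message)
    if m is None:
        return None
    hit = m.groupdict()
    # Compare against right + table so "Append" and "AppendTo" cannot be confused.
    suffix = hit["priv"][3:].lower()
    hit["access"] = next(
        (r for r in ACCESS_RIGHTS if suffix == (r + hit["table"]).lower()), None)
    return hit


def required_access(messages):
    """Group the denied access rights by table across many sync errors."""
    needed = defaultdict(set)
    for message in messages:
        hit = parse_missing_privilege(message)
        if hit:
            # Keep the raw privilege name when the access right is not recognised.
            needed[hit["table"]].add(hit["access"] or hit["priv"])
    return {table: sorted(rights) for table, rights in needed.items()}


# First entry is abridged from the error above; the others are constructed samples.
SAMPLE_ERRORS = [
    "Principal team (Id=b7e1929e-xxxx-xxxx-aad0-xxxx489fxxxx, type=9), is missing "
    "prvReadmsdyn_globalproduct privilege (Id=539cf392-xxxx-xxxx-b258-xxxx719b7d93) "
    "on OTC=10835 for entity 'msdyn_globalproduct' (LocalizedName='Global Product')",
    "Principal user (Id=00000000-0000-0000-0000-000000000001, type=8), is missing "
    "prvWritenew_sampletable privilege (Id=PLACEHOLDER) for entity 'new_sampletable'",
    "Principal user (Id=00000000-0000-0000-0000-000000000001, type=8), is missing "
    "prvCreatenew_sampletable privilege (Id=PLACEHOLDER) for entity 'new_sampletable'",
    "Initial sync completed for map 'Sample map'",
]
```

The `ptype` field shows which kind of principal (here a team, not the calling user) was denied, which tells you where the custom role has to be assigned.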

PS: I do believe the Read privilege should be enough. Comment down below if you have experience regarding the exact privilege required.

Here is the link to other considerations before performing initial sync & setup dual-write security roles and permissions.

Hope this helps!