You’re offline. This is a read only version of the page.
160
Hi all,
I am getting the following error when trying to set up Azure AD with my portal. I have set up others before without issue but for some reason this one won't cooperate. Initially it was working but I noticed it was using the SYSTEM user to create and update records. I wanted to move it over to the App Registration (S2S) user but noticed it hadn't been added the Application User to the environment. I manually added the Application User to the environment (i.e., the Azure App) and gave it the necessary security roles. But now it says it can't update the contact entity when a user tries to sign in? I checked the access on dataverse and it says the application user has access through the security roles I gave it.
Here is the error it gives when a user/contact tries to sign in via Azure AD:
[FaultException`1: User with ID 13faa340-dded-ed11-8849-002248****** does not have Update permissions for the adx_identity_username attribute in the contact entity. The contactid of the record is 94a928dc-7ce2-ed11-a7c7-000d3a******] Microsoft.Xrm.Tooling.Connector.CrmServiceClient.Execute(OrganizationRequest request) +141 Adxstudio.Xrm.Services.Pooling.Dataverse.PoolableDataverseConnection.InvokeFuntion(Func`1 function) in C:\__w\1\s\Framework\Adxstudio.Xrm\Services\Pooling\Dataverse\PoolableDataverseConnection.cs:212
My expectation is that the App User gets access through the Authenticated Users web role and this role has the necessary permissions on the contact entity.
My only thought, is that it is not authenticating properly, although I checked AD and the user/contact is authenticating successfully there against the App. My thought is that there is something missing between the App and the Portal which ties back to a issue during creation and why SYSTEM was updating the records.
Any thoughts or help appreciated.
FYI, after contacting MS, we identified the issue and resolution. So for a period earlier this year, MS had switched on the creation of an application user in production when creating a portal. This resulted in an application user being created on the environment and this would then be used to connect and write records to dataverse. As we are new to portals - creating our first one in January, this is the behavior we were used to and expected when creating a portal in April. But by that time, MS had switched off this setting again and reverted to the pre-existing configuration where the SYSTEM user is used to create and modify records in dataverse via the portal and an application user isn't created on the environment.
We deactivated the application user that we had manually created and we are now no longer receiving the error above.
The down side is that we could manipulate the security roles for the application user but can't for the SYSTEM user.
Share
Report
All responses (
Answers (
