web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / How to update User'...
Small and medium business | Business Central, N...
Unanswered

How to update User's userGroup membership using Business Central Automation APIs ?

(1) ShareShare
ReportReport
Posted on by PriteshM 75

Hi,
I am using Business Central Automation apis to update user's userGroup membership.  For Automatuon API I am using Azure AD application with OAuth grant type of client_credentials. I am able to update user's Permission Sets with the same access token but when I try to update user's userGroup membership, I got following error, which indicates that Azure AD app don't have permission on the table.
Screenshot-2021_2D00_03_2D00_04-at-12.51.49-PM.png

REST request

POST https://api.businesscentral.dynamics.com/v2.0/xyz.onmicrosoft.com/production/api/microsoft/automation/v2.0/users(71cf1a08-abd2-4e11-a21b-031c62b5d574)/userGroupMembers?company=CRONUS USA, Inc.


Request Body
{ 
    "code": "D365 EXT. ACCOUNTANT",
    "companyName" :"CRONUS USA, Inc."

}
F

I even have tried to give SUPER permissions set to the Azure AD application but that didn't help.

On Azure AD, Application has following permission under application permissions, with admin consent given both on Azure and business Central. No delegated permissions given because I want to run this application context only.
Screenshot-2021_2D00_03_2D00_04-at-1.08.12-PM.png

What else permissions required? On the other hand if I use Basic authentication in the context of the Global administrator then the same request works, obviously global admin has access to all tables while Azure AD app have limited access to tables, but there is no built in permission Sets or userGroups which can allow azure AD application to perform the above task.

I have the same question (0)
  • Lars Lohndorf-Larsen Profile Picture
    Lars Lohndorf-Larsen on at

    Hello,

    I suspect it may be trying to make updates in Azure as well. Can you do the steps manually through the web client and send screenshots of where you are doing this? And see if you get same permissions errors there, then it may be a license restriction if you are SUPER.

  • PriteshM Profile Picture
    PriteshM 75 on at

    Thanks, Lars for your response. Basically this is a Azure AD application, single tenant and will be used by My Orginazation only. Created to utilize Automation API  following the steps documented in following link docs.microsoft.com/.../automation-apis-using-s2s-authentication

    Redirect URI for the application, I have kept as 'businesscentral.dynamics.com/OAuthLanding.htm'.

    I am using POSTMAN tool to make calls. I could do most of the operation  like listing all premissionSets, userGroups, users using the access token generated for the api.

    For requesting access token, I am using scope value as 'api.businesscentral.dynamics.com/.default', So I don't think, this is updating anything in Azure as scope is limited to the Business Central only.

    Azure AD has only Application permissions and not the Delegated Permissions. So app will not be running in the context of any user.
    Screenshot-2021_2D00_03_2D00_07-at-12.47.08-PM.png

    It is not possible to assign License to the Azure AD Application, so it will not get any additional permissions which user can get after assigning license.
    the table 'userGroups' is a Business Central specific.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,066

#2
YUN ZHU Profile Picture

YUN ZHU 658 Super User 2025 Season 2

#3
Sumit Singh Profile Picture

Sumit Singh 595

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans