AL icon indicating copy to clipboard operation
AL copied to clipboard
verified publisher icon microsoft

PermissionSet object does not allow to include objects with scope OnPrem (AL0296)

Open t-tarasiuk opened this issue 2 years ago • 1 comments

1. Describe the bug Permission Set objects do not allow to include OnPrem objects as Compiler Error AL0296 occurs.

It was already reported in the following issues, but not yet solved: https://github.com/microsoft/AL/issues/6765 https://github.com/microsoft/AL/issues/6693

I'm trying to allow users who have limited permissions to work with Personalization functionality. I do not see any standard permission sets that will give access only to the involved objects, so I'm trying to extend my custom permissionset object with the necessary objects. However some of them are with OnPrem scope level, so the compiler does not allow me to include those objects (for example, page "Page Fields").

This is not expected behavior for me to have limitations for particular objects in permission sets as basically, I am able to include all objects with * option (for example, permissions page * = X). This still will not work for me, as it will include unnecessary objects and I want to avoid it.

Also, we had no limitations with XML permission sets and were able to include any abject we needed. So, I expect the PermissionSet Object will not bring limitations as well.

2. To Reproduce Create a new project with the following permissionset object:

permissionset 50100 "My Permission Set" { Assignable = true; Permissions = page "Page Fields" = X; }

3. Expected behavior Compiler Error AL0296 will not occur in Permission Set or Permission Set Extension objects.

4. Actual behavior Compiler Error AL0296 occurs: The application object or method 'Page Fields' has scope 'OnPrem' and cannot be used for 'Extension' development.

5. Versions:

  • AL Language: v11.7.863928
  • Visual Studio Code: v1.82.1
  • Business Central: 22.x
  • List of Visual Studio Code extensions that you have installed: AL Language

t-tarasiuk avatar Sep 16 '23 12:09 t-tarasiuk

We run into the same issue with AL0296 being fired for permission set for OnPrem Tables. We copied D365Basic which contains a lot permission on OnPrem tables.

neverbeam avatar Sep 19 '23 07:09 neverbeam

The Access and Scope modifiers behaviour in these cases is by design. For you to build permissionsets that contain these objects without resorting to the wildcard (*), the owning app of the object (in this case Base Application) must provide an appropriate permissionset for you to include in yours. We do our best to provide these permissionsets but we cannot predict every possible scenario. If you encounter issues like these, please post an issue on microsoft/ALAppExtensions with some details about which permission/permissionset you are missing.

thloke avatar Apr 30 '24 06:04 thloke

I've added the following idea Extend PermissionSet object to allow adding objects with OnPrem scope.

Please feel free to vote.

t-tarasiuk avatar May 10 '24 13:05 t-tarasiuk