Retail designer – Creating a database role with database access

Using the designer in AX 2012 for designing POS-buttons, receipts and whatever usually works for us eggheads with admin rights to the servers. But when it comes to the real users they might end up with an error like this:

ErrorMessage

What you need to do is to grant the users that need to work with the designer some additional rights directly to the Dynamics AX database. Scary stuff and something we’d rather not do; but in this case there’s no way around it. The good news is that it is only a few tables.

Here’s what to do:

Log on to the Microsoft SQL Server Management Studio, right click on the Dynamics AX database and select New Query.

NewQuery

Paste in this script and execute it. It will create a database role with the appropriate rights to the tables

  • RETAILBUTTONGRID
  • RETAILBUTTONGRIDBUTTONS
  • RETAILFORMLAYOUT
  • RETAILIMAGES
  • RETAILTERMINALCUSTOMFIELD
  • RETAILTILLLAYOUT
  • RETAILOPERATIONS

and select rights on these:

  • RETAILSALESTAXOVERRIDE
  • RETAILSTORETENDERTYPETABLE
  • RETAILSALESTAXOVERRIDEGROUPMEMBER
  • INVENTITEMBARCODE
  • INVENTTABLE
  • RETAILCHANNELTABLE
  • ECORESPRODUCTTRANSLATION

Notice, that the names of these tables may vary from AX version to AX version, but you’ll probably be able to locate the right tables.

The script:

CREATE ROLE [AX_POS_Designer]
GO

GRANT DELETE ON [dbo].[RETAILBUTTONGRID] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILBUTTONGRID] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILBUTTONGRID] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILBUTTONGRID] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILBUTTONGRIDBUTTONS] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILBUTTONGRIDBUTTONS] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILBUTTONGRIDBUTTONS] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILBUTTONGRIDBUTTONS] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILFORMLAYOUT] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILFORMLAYOUT] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILFORMLAYOUT] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILFORMLAYOUT] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILTILLLAYOUT] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILTILLLAYOUT] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILTILLLAYOUT] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILTILLLAYOUT] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILIMAGES] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILIMAGES] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILIMAGES] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILIMAGES] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILTERMINALCUSTOMFIELD] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILTERMINALCUSTOMFIELD] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILTERMINALCUSTOMFIELD] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILTERMINALCUSTOMFIELD] TO [AX_POS_Designer]
GRANT DELETE ON [dbo].[RETAILOPERATIONS] TO [AX_POS_Designer]
GRANT INSERT ON [dbo].[RETAILOPERATIONS] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILOPERATIONS] TO [AX_POS_Designer]
GRANT UPDATE ON [dbo].[RETAILOPERATIONS] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILSALESTAXOVERRIDE] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILSTORETENDERTYPETABLE] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILSALESTAXOVERRIDEGROUPMEMBER] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[INVENTITEMBARCODE] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[INVENTTABLE] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[RETAILCHANNELTABLE] TO [AX_POS_Designer]
GRANT SELECT ON [dbo].[ECORESPRODUCTTRANSLATION] TO [AX_POS_Designer]
GO

Now you’ve got the role. Next step is to create the required logins, map them to a database and the newly created role.

UserMapping

Log in to AX and check that the designer starts up successfully.

Associate worker with AAD account – Service unavailable

When trying to associate a worker with an AAD user in New Dynamics AX you can in some of the releases get an error saying “The service you are trying to reach is currently unavailable. Please contact your System Admin…”.

Workers_--_Error

Now in the New Dynamics AX the System Admin is often pretty hard to find unless you have a mirror so here is something that might get you passed that error. There’s no fancy stuff here. More a matter of how to approach the task.

Click “Associate existing account”:

Workers_--_StartAssociate

Change “Filter using columns” to “Search using email” and put in the email of the user:

Workers_--_SearchByEmail

 

Click Search and select the user on the list:

Workers_--_FindUser

Click OK and you’re back on the worker with a association to your user:

Workers_--_AssociationDone

 

The good part is that you can do this within a few seconds compared to having to wait for the full AAD to be loaded before you can pick the user, which you are going to be searching for anyways.

There is a hot fix released for this error, but if you just need to get it fixed now then the above work-around could help you out.

 

Lifecycle Services and Azure Resource Manager – First bump on the road…

We have been using Lifecycle Services (LCS) for hosting environments for both AX 2012 and AX7 (sorry, New Dynamics AX) so it was somewhat a trivial task deploying new servers. Until we met Azure Resource Manager, that is. Adding servers to an old project ended up giving us this error message:

Lifecycle Services can’t connect to the Azure subscription using Azure Resource Manager. Click the Microsoft Azure Settings button and edit the selected Connector to provide the required permissions to ERP applications in your Azure subscription.

Error_message

The fix is fairly simple. Go to the Azure connector in your project. You’ll find it in the Project settings. Select it and click Edit. What you need to do is to flip this one to Yes:

Project_Flip_This

It will then lead you through a couple of steps regarding your management certificate and how you need to download it and upload it to the Azure Portal. No need to worry about that because you already did that when you created the connector so just click Next.

You could then end up with another obstacle in the form of missing rights on the Azure tier:

Project_Need_To_Add_Role

Go to Azure Portal and go to your subscription. Click this button to do add access:

Azure_Add_Access_Add

The following is pretty straight forward. Select a role and select the user:

Azure_Add_Access

Azure_Add_Access_Select_User

Azure_Add_Access_User_Done

Going back into LCS and click Next might present you with the same error like above with the Dynamics Deployment Service needs access but hang in there. It seems like there’s a bit of delay, so just give it another go after a minute or two.

As soon as your connector has been updated you’re good to go and can deploy the server.