Closed TomHedegaardTrimit closed 3 years ago
The permissions system was changed for 18.0 and permissions are now taken from extensions. Since you are using a 16 database, you have the permissions in the database. There is a customconfig setting you can set to use permissions from the database instead of from extensions:
<add key="UsePermissionsFromExtensions" value="false" />
Thanks, But I can only change the customconfig in the container, after the container is generated, and the error I get appears during the New-BCContainer ?
Can I change the config as a parameter at the New-BCContainer command ?
@freddydk - can I change the config as a parameter at the New-BCContainer command ?
Same issue here.
I've the same issue in our build pipeline with BC18. We use BcContainerHelper version 2.0.10. This are our params we pass into New-NavContainer:
Name Value
---- -----
isolation process
includeAL True
useNewDatabase True
artifactUrl https://bcartifacts.azureedge.net/onprem/18.0.23013.23795/w1
containerName c31092
Credential System.Management.Automation.PSCredential
additionalParameters --volume "C:\agents\DOCKERAGENT0114_work\1\s:C:\Source"
accept_eula True
accept_outdated True
auth UserPassword
imageName 4ps-bc-18.0-w1
licenseFile c:\agents\DOCKERAGENT0114_work\_temp\bc18.flf
updateHosts True
This action fails with the following stacktrace:
The Aggregate Permission Set does not exist. Identification fields and values: Scope='System',App ID='{00000000-0000-0000-0000-000000000000}',Role ID='SUPER'
at <ScriptBlock>, <No file>: line 54
at Invoke-ScriptInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\ContainerHandling\Invoke-ScriptInNavContainer.ps1: line 44
at New-BcContainerBcUser<Process>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\UserHandling\New-NavContainerNavUser.ps1: line 52
at Clean-BcContainerDatabase, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\AppHandling\Clean-BcContainerDatabase.ps1: line 173
at New-BcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\ContainerHandling\New-NavContainer.ps1: line 2031
You can change a server setting when creating the container using the parameter Tobias described here: https://github.com/microsoft/navcontainerhelper/issues/1881
Thanks Freddy. I tried issue 1881 "-e customNavSettings=UsePermissionsFromExtensions=false" I combined it with useNewDatabase = $true
Result is the same:
Importing License C:\Run\my\license.flf
Creating user admin
Creating User admin
Assigning Permission Set SUPER to admin
**Aggregate Permission Set does not exist. Identification fields and values: Scope='System',App ID='{00000000-0000-0000-0000-000000000000}',Role ID='SUPER'**
at <ScriptBlock>, <No file>: line 54
at Invoke-ScriptInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\ContainerHandling\Invoke-ScriptInNavContainer.ps1: line 44
at New-BcContainerBcUser<Process>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\UserHandling\New-NavContainerNavUser.ps1: line 52
at Clean-BcContainerDatabase, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\AppHandling\Clean-BcContainerDatabase.ps1: line 173
at New-BcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.10\ContainerHandling\New-NavContainer.ps1: line 2031
at <ScriptBlock>, D:\PreReq\BC\BC_Docker_requirements\Scripts\Setup-Container.ps1: line 547
at <ScriptBlock>, C:\azagent\A1\_work\_temp\7a84c46f-21cd-4483-a027-cf87d20a593c.ps1: line 3
at <ScriptBlock>, <No file>: line 1
Failed creating a new Container.
So the problem remains unfortunatelly
Post the full output, then we can see whether the setting was applied or what goes wrong. Thanks
Hi, we also struggle with this. We applied the workaround with the UsePermissionsFromExtensions = false. (like -additionalParameters @("-e customNavSettings=UsePermissionsFromExtensions=false") ) and it does something to the execution as the point of failing moved. without the additional Paramter it died right after "Removing Database CRONUS" while with it dies at: Creating User xxx Assign Permission Set SUPER to xxx We also work with newDatabase (due to customized Base app development).
Please post the full output or even better email me a link to a .zip file, which includes script + bak file so that I can repro. Then I will fix this asap.
Well, no bak file! it is as simple as just calling New-BCContainer like the following on your machine (mind the license !):
New-BCContainer -accept_eula `
-containerName "BC18X" `
-artifactUrl (Get-BCArtifactUrl -type OnPrem -version 18 -country w1) `
-auth Windows `
-updateHosts `
-isolation hyperv `
-licenseFile "N:\Developerlicense\license.flf" `
-memoryLimit 12G `
-useNewDatabase
it runs fine until it hits:
(...)
Initialization took 37 seconds
Ready for connections!
Reading CustomSettings.config from BC18X
Creating Desktop Shortcuts for BC18X
Stopping ServiceTier in order to replace database
Copying Database on localhost\SQLEXPRESS from CRONUS to mytempdb
Taking database CRONUS offline
Copying database files
Attaching files as new Database mytempdb
Putting database CRONUS back online
Removing Database CRONUS from localhost\SQLEXPRESS
Creating new database CRONUS on localhost\SQLEXPRESS with Collation Latin1_General_100_CSAS
Copying table [Entitlement] from original database
Copying table [Entitlement Set] from original database
Copying table [Membership Entitlement] from original database
Removing Database mytempdb from localhost\SQLEXPRESS
Starting Service Tier
Synchronizing
Importing license file
Importing License C:\Run\my\license.flf
Creating user kleink
The Aggregate Permission Set does not exist. Identification fields and values: Scope='System',App ID='{00000000-0000-0000-0000-000000000000}',Role ID='SUPER'
at ~~~~~~
'+ CategoryInfo : OperationStopped: (The Aggregate P...Role ID='SUPER':String) [], RuntimeException
'+ FullyQualifiedErrorId : The Aggregate Permission Set does not exist. Identification fields and values: Scope='System',App ID='{00000000-00
00-0000-0000-000000000000}',Role ID='SUPER'
Once again it might be a simple spello...
it is not
-additionalParameters @("-e customNavSettings=UsePermissionsFromExtensions=false")
but
-additionalParameters @("-e customNavSettings=UsePermissionSetsFromExtensions=false")
...i'll keep you updated ....
I think this helps! (getting at least a different error now...)
I have a release pipeline which works fine on BC17.0, but when I try to run it on a BC18.0 docker, it fails.
Expected behaviour of the pipeline:
This works fine on a 17.0 docker, but on a 18.0 docker we get this error: The Aggregate Permission Set does not exist. Identification fields and values: Scope='System',App ID='{00000000-0000-0000-0000-000000000000}',Role ID='SUPER'
What is different or changed from 17.0 to 18.0, and do we need to change something in the pipeline script ?
Scripts used to create container and cause the issue
Full output of scripts
Additional context