403 Forbidden
This error message The REST service returned a status code that is not 20x - i.e. not OK - Status code received: 403 Forbidden Response body:
{"error":{"code":"Internal_ServerError","message":"Sorry, the current permissions prevented the action.(TableData 38 Purchase Header Modify: Base Application) indicates that the user or application does not have permission to perform the requested action.
The user or service account does not have permission to modify the Purchase Header table (Table ID 38) in Business Central.
This typically happens when:
- The integration attempts to create, update, or post a purchase document (e.g., Purchase Order or Invoice), and
- The associated user lacks MODIFY permissions on
Purchase Header.
This is a standard security restriction in Business Central to prevent unauthorized data changes.
- Object Type: TableData (commonly used, though other types exist like Table, Report, Page, etc.).
- Object ID: 38 (identifies a specific table).
- Object Name: Purchase Header (Table ID 38 corresponds to this name).
- Permission Needed: Modify (one of five permission levels: Read, Insert, Modify, Delete, Execute). The user was blocked from modifying a purchase invoice due to insufficient permissions.
- Extension Name: Base Application (indicates that the permissions apply to Business Central’s standard functionality, not an add-on).
Solution: To resolve the error, you need to grant MODIFY permissions on TableData 38 to the integration user or service principal.
Step-by-Step Fix:
If Using a User Account:
- Go to Business Central > Users.
- Locate the user involved in the integration.
- Under User Permission Sets, either:
- Add a new permission set that includes:
Object Type: TableData
Object ID: 38 (Purchase Header)
Permission: Modify- Or modify an existing permission set to include the
Modifyright on TableData 38.
If Using Azure AD App (Service-to-Service Auth):
- Go to Azure Active Directory > App registrations.
- Find the app used for authentication.
- In Business Central, assign this app the correct Permission Set (with
MODIFYon TableData 38).- Use Admin Center > Environment > Manage App Permissions, or
- Create a delegated user with sufficient permissions and impersonate it.
Optional Tip:
If you're unsure which permissions are required, monitor “Effective Permissions” or use Permission Recorder in Business Central to capture exactly what’s being accessed during the failing operation.