I have created a PVA chat bot. In that we are calling an action and action is referring an order entity. In that entity sales user is not having access to all the order records but when sales user is trying to access the records through PVA then sales user can see other records also which is not assigned or shared with sales user.
How we can restrict the access to sales user so that they cant see the other's record while chatting in PVA?
One approach could be to impersonate the user in your request.
You could use the Microsoft Dataverse Web API with an HTTP request action and use the CallerObjectID with the Azure Active Directory (AAD) object id of the user interacting with the PVA chat bot.
Here is an example in the Microsoft Docs about user impersonation:
Below is a screenshot of such a query in Power Automate.
Thanks for your reply.
Could you please let us know how I can pass callerobjectid for different such user who has record based access to entity..
1. Make sure you enable authentication for your Power Virtual Agent.
2. Create a flow with a When Power Virtual Agents calls a flow trigger action. Add a text UserID input field to that action.
3. Use a HTTP action like I showed in my earlier post. Use the UserID field for the CallerObjectId in the Header section.
4. In your Topic setup make sure you map the Bot.UserId to the flow with the UserId field
The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.
Learn how to respond rapidly to your customers and employees at scale, using intelligent conversational chatbots.