cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
vpathak
Regular Visitor

Restrict sales user form accessing records which is not shared or assigned to user

I have created a PVA chat bot. In that we are calling an action and action is referring an order entity. In that entity sales user is not  having access to all the order records but when sales user is trying to access the records through PVA then sales user can see other records also which is not assigned or shared with sales user.

How we can restrict the access to sales user so that they cant see the other's record while chatting in PVA?

3 REPLIES 3
Expiscornovus
Super User
Super User

Hi @vpathak,

 

One approach could be to impersonate the user in your request.

 

You could use the Microsoft Dataverse Web API with an HTTP request action and use the CallerObjectID with the Azure Active Directory (AAD) object id of the user interacting with the PVA chat bot.

 

Here is an example in the Microsoft Docs about user impersonation:

Impersonate another user using the Web API (Microsoft Dataverse) - Power Apps | Microsoft Docs

 

Below is a screenshot of such a query in Power Automate. 

 

callerobjectid_userimpersonation.png

 



Happy to help out! 🙂

Interested in more #PowerAutomate #SharePointOnline or #PowerVirtualAgents content?
Visit my blog, Subscribe to my YouTube channel or Follow me on Twitter


Thanks for your reply.

Could you please let us know how I can pass callerobjectid for different such user who has record based access to entity..

Expiscornovus
Super User
Super User

Hi @vpathak,

 

1. Make sure you enable authentication for your Power Virtual Agent.

 

pvabotauth.png

 

2. Create a flow with a When Power Virtual Agents calls a flow trigger action. Add a text UserID input field to that action.

 

userid_input.png

 

3. Use a HTTP action like I showed in my earlier post. Use the UserID field for the CallerObjectId in the Header section.

 

userid_object.png

4. In your Topic setup make sure you map the Bot.UserId to the flow with the UserId field

 

botuserid_listmyrecords.png



Happy to help out! 🙂

Interested in more #PowerAutomate #SharePointOnline or #PowerVirtualAgents content?
Visit my blog, Subscribe to my YouTube channel or Follow me on Twitter


Helpful resources

Announcements
Power Virtual Agents News & Announcements

Power Virtual Agents News & Announcements

Keep up to date with current events and community announcements in the Power Virtual Agents community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Virtual Agents Community Blog

Power Virtual Agents Community Blog

Check out the latest Community Blog from the community!

Top Solution Authors
Top Kudoed Authors
Users online (2,107)