Mr_Mather Helper I

Dynamics security profile prevent the triggering of a flow

Good afternoon all,

 

I am so close to solving my notification flow mini project, but I am stumbling a little bit.

 

We created a flow to run when an Activity record is created in D365 and it would send out a push notification.

 

However, this flow errored with this error message:

{
"status": 403,
"message": "SecLib::CheckPrivilege failed. User: 66b56c96-xxxx-xxxx-xxxx-xxxxxxxxbbb, PrivilegeName: prvReadActivity, PrivilegeId: 650c14fe-xxxx-xxxx-xxxx-xxxxxxxxe45d, Required Depth: Global, BusinessUnitId: 6a0b1d3e-xxxx-xxxx-xxxx-xxxxxxxx1441, MetadataCache Privileges Count: 1639, User Privileges Count: 347",
"source": "xxxxxxxx.crm4.dynamics.com",
"errors": [],
"debugInfo": "clientRequestId: ba98aadc-xxxx-xxxx-xxxx-xxxxxxxx2773"
} 

 

After some trial and error, we worked out that if the permission to read the D365 record was set to Organization then the flow would work, but if the permissions were set to a lower permission level the flow would fail.

We can't have every user reading every activity, but I can't seem to get the flow to work without giving full access.

Any guidance on how to get around this would be gratefully received.

 

ta

 

L.
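Reading the 403 in the post above, as an added example that is not part of the original post: this Python sketch pulls the failed privilege check out of a flow error body, maps the `Required Depth` value to the access level name used in the security role editor, and groups failures by privilege so that a rollout to many users shows which users hit which check. The function names are hypothetical, and the only sample input is the error text from the post with its GUIDs masked as posted.

```python
import json
import re
from collections import defaultdict

# Depth names as they appear in the error text, mapped to the access level
# names shown in the Dynamics 365 security role editor.
DEPTH_TO_ACCESS_LEVEL = {
    "Basic": "User",
    "Local": "Business Unit",
    "Deep": "Parent: Child Business Units",
    "Global": "Organization",
}
FIELD_RE = re.compile(
    r"(User|PrivilegeName|PrivilegeId|Required Depth|BusinessUnitId): ([^,]+)"
)

def parse_privilege_error(body):
    """Return the failed privilege check from a flow error body, else None."""
    try:
        err = json.loads(body)
    except (ValueError, TypeError):
        return None
    if not isinstance(err, dict) or err.get("status") != 403:
        return None
    message = err.get("message") or ""
    if "SecLib::CheckPrivilege failed" not in message:
        return None
    fields = dict(FIELD_RE.findall(message))
    depth = fields.get("Required Depth", "")
    return {
        "user": fields.get("User"),
        "privilege": fields.get("PrivilegeName"),
        "required_depth": depth,
        "access_level": DEPTH_TO_ACCESS_LEVEL.get(depth, "unknown"),
        "business_unit": fields.get("BusinessUnitId"),
    }

def summarize(bodies):
    """Group failures by (privilege, access level) with the affected users."""
    groups = defaultdict(set)
    for body in bodies:
        hit = parse_privilege_error(body)
        if hit:
            groups[(hit["privilege"], hit["access_level"])].add(hit["user"])
    return {key: sorted(users) for key, users in groups.items()}

# Message text from the post above (GUIDs masked as posted).
PAGE_ERROR = json.dumps({"status": 403, "message": "SecLib::CheckPrivilege failed. User: 66b56c96-xxxx-xxxx-xxxx-xxxxxxxxbbb, PrivilegeName: prvReadActivity, PrivilegeId: 650c14fe-xxxx-xxxx-xxxx-xxxxxxxxe45d, Required Depth: Global, BusinessUnitId: 6a0b1d3e-xxxx-xxxx-xxxx-xxxxxxxx1441, MetadataCache Privileges Count: 1639, User Privileges Count: 347"})
```

For the posted error this reports `prvReadActivity` at `Global` depth, which is the Organization access level the poster found the flow needed.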

4 REPLIES 4
Super User

Re: Dynamics security profile prevent the triggering of a flow

Hi @Mr_Mather

Which user are you using to connect to Dynamics 365 within Flow? It may just be this user that needs the elevated permissions. In the past I have created connections to D365 using a user set up specifically for Flow, and then given this user full admin privileges within Dynamics 365.


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris

Mr_Mather Helper I
Helper I

Re: Dynamics security profile prevent the triggering of a flow

Hi Lee,

 

I am using a standard user. This flow is going to have to be rolled out to all 30+ users, so that when a record is created in D365 then the push notification gets sent out.

I can't give elevated permissions as the permissions underpin the security model.

 

ta

 

L.

Super User

Re: Dynamics security profile prevent the triggering of a flow

Hi @Mr_Mather

 

Apologies, I missed the part about the push notification. I can see the issue you are having now, as in order to get the push notification to work, the flow needs to be running as the specific user.

Depending on your experience with JSON, you can work around this by making use of the HTTP actions within Flow. Create a new Flow with an HTTP trigger that accepts a JSON object containing an Id. Run this flow with connections defined as a user with admin rights to the data in Dynamics 365. Use a Parse JSON action to convert the incoming body to usable Dynamic content and then use the Get Dynamics 365 Record action to retrieve the record from Dynamics using the GUID passed in. Format a JSON response object containing the fields you need from the Activity record and use the response action to send this back to the caller.

Within your Flow that the users will be running, add an HTTP action and call the endpoint created by your other Flow, passing in the JSON body with the Id (which you will have from the trigger step). You should then get a response back from the other Flow containing the details requested, which you can parse and use in the notification action. This should be achievable with no changes to the security within D365.

 

Hope that makes sense.


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris
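The request and response exchange described in the reply above, modelled in Python as an added example (not part of the original post and not a Flow definition): the privileged relay accepts a JSON body with an `Id`, rejects anything that is not a GUID, and returns only an allowlisted set of fields, since it runs with admin rights to the data. The sample record, the field selection and the function names are constructed for illustration.

```python
import json
import uuid

# Constructed stand-in for the Activity table. In the relay flow this lookup is
# the "get record" step running under the privileged connection.
ACTIVITIES = {
    "3f2b8c1e-0d4a-4f6b-9a77-1c2d3e4f5a6b": {
        "subject": "Call back about renewal",
        "regardingobjectid": "Contoso Ltd",
        "description": "Internal notes the notification does not need",
    }
}
# Only these columns ever leave the privileged relay (assumed field choice).
RESPONSE_FIELDS = ("subject", "regardingobjectid")

def relay(raw_body):
    """Privileged side: JSON body in, (status, JSON body) out."""
    try:
        # uuid.UUID normalises case and braces, and rejects non-GUID input.
        record_id = str(uuid.UUID(json.loads(raw_body)["Id"]))
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, json.dumps({"error": "Id must be a GUID"})
    record = ACTIVITIES.get(record_id)
    if record is None:
        return 404, json.dumps({"error": "record not found"})
    return 200, json.dumps({f: record.get(f) for f in RESPONSE_FIELDS})

def notification_text(activity_id):
    """User side: send the trigger's Id to the relay, build the push text."""
    status, body = relay(json.dumps({"Id": activity_id}))
    if status != 200:
        return None
    fields = json.loads(body)
    return f"New activity: {fields['subject']} ({fields['regardingobjectid']})"
```

The user-side flow never holds the privileged connection; it only sees whatever the relay chooses to return for the Id it sends.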

Mr_Mather Helper I

Re: Dynamics security profile prevent the triggering of a flow

@LeeHarris

 

Am I correct in my thinking that for flow to correctly run, it must be able to read all records, else it will fail? To give a more specific example:

I have two business units, Business Unit A and Business Unit B. The permission to read records is restricted by Business Unit, so people in Business Unit A cannot read Account information in Business Unit B. Flow, however, runs on creation of any account record. So that means that it will error if flow is unable to read ALL records?

 

Thanks

 

L.
