cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Mr_Mather
Helper I
Helper I

Dynamics security profile prevent the triggering of a flow

Good afternoon all,

 

I am so close to solving my notification flow mini project, but I am stumbling a little bit.

 

We created a flow to run when an Activity record is created in D365 and it would send out a push notification.

 

However this flow errored, with this error message

 

 

{
"status": 403,
"message": "SecLib::CheckPrivilege failed. User: 66b56c96-xxxx-xxxx-xxxx-xxxxxxxxbbb, PrivilegeName: prvReadActivity, PrivilegeId: 650c14fe-xxxx-xxxx-xxxx-xxxxxxxxe45d, Required Depth: Global, BusinessUnitId: 6a0b1d3e-xxxx-xxxx-xxxx-xxxxxxxx1441, MetadataCache Privileges Count: 1639, User Privileges Count: 347",
"source": "xxxxxxxx.crm4.dynamics.com",
"errors": [],
"debugInfo": "clientRequestId: ba98aadc-xxxx-xxxx-xxxx-xxxxxxxx2773"
} 

 

After some trial and error, We worked out that if the permission to read the D365 record was set to Organization then the flow would work, but if the permissions were set lower permission level the flow would fail.

We cant have every user reading every activity but I cant seem to the flow to work with giving full access.

 

Any guidence on how to get around this would be gratefully recieved.

 

ta

 

L.

4 REPLIES 4
LeeHarris
Solution Sage
Solution Sage

Hi @Mr_Mather

Which user are you using to connect to Dynamics 365 within Flow? It may just be this user that needs the elevated permissions. In the past I have created connections to D365 using a user set up specifically for Flow, and then given this user full admin privileges within Dynamics 365.


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris

Hi Lee,

 

I am using a standard user, this flow is going to have to be rolled out to all 30+ users, so that when a record is created in D365 then the push notification gets sent out.

 

I cant give elevated permissions as the permission under pin the security model.

 

ta

 

L.

Hi @Mr_Mather

 

Apologies I missed the part about the push notification. I can see the issue you are having now as in order to get the push notification to work, the flow needs to be running as the specific user.

 

Depending on your experience with JSON, you can work around this by making use of the HTTP actions within Flow. Create a new Flow with a HTTP trigger that accepts a JSON object containing an Id. Run this flow with connections defined as a user with admin rights to the data in Dynamics 365. Use a Parse JSON action to convert the incoming body to usable Dynamic content and then use the Get Dynamics 365 Record action to retrieve the record from Dynamics using the GUID passed in. Format a JSON response object containing the fields you need from the Activity record and use the response action to send this back to the caller.

Within your Flow that the users will be running, add a HTTP action and call the endpoint created by your other Flow, passing in the JSON body with the Id (which you will have from the trigger step). You should then get a response back from the other Flow containing the details requested which you can parse and use in the notification action. This should be achievable with no changes to the security within D365.

 

Hope that makes sense.


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris

@LeeHarris

 

Am I correct in my thinking that for flow to correctly run, it must be able to read all records, else it will fail.  To give a more specific example.

 

I have two business units, Business Unit A and Business Unit B.  The permissions to read records is restricted by Business Unit, so people in Business Unit A cannot read Account information in Business Unit B.  Flow however runs on creation of any account record.  So that means that it will error if flow is unable to read ALL records?

 

Thanks

 

L.

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Kudoed Authors
Users online (1,540)