cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Mattw112IG
Level 8

Permissions

So when I have a PowerApp in SharePoint that calls Flow to do things in Dynamics...

 

Does it use the credentials of the user to do the flow action in Dynamics? Or the author who set up the connection?

 

I don't have enough licneses of Dynamics for everyone in my company.  But I need everyone in my company to be able to use the PowerApp I created in SharePoint.

 

But right now the PowerApp is failing when it launches because what appears to be permission issues to Dynamics??

 

Is there a way around this?

 

Thanks,

Terry

1 ACCEPTED SOLUTION

Accepted Solutions
Mattw112IG
Level 8

Re: Permissions

In my case, everyone in the company has SP access, so going to write there and have flow pick up new entries and create the records in Dyamics.  Thanks.

View solution in original post

11 REPLIES 11
Super User
Super User

Re: Permissions

Flow uses the permissions assigned within the Dynamics connector when you use a Dynamics trigger or action.

When you add the Dynamics trigger and/or action in Flow, it utilizes the credentials you entered into the Dynamics connector - this account must have a Dynamics license that is able to perform the action you're trying to complete with the flow. It should also have the required permissions within Dynamics to make the changes as well. 

With that said, there are some licensing limitations for use of connectors from products like Dynamics and Power BI. As an example, with Business Process Flows, everyone who uses those flows must have a Dynamics license. For your needs, your Microsoft Office 365 rep should be able to let you know specifically, or someone from the Dynamics or Flow team may be able to chime in. They are always making changes to the licensing requirements connectors, so I wouldn't trust what you find/read on the internet through searches. 

It would likely be benefecial to post a screenshot of your Flow, so we can see what you're trying to do with the Dynamics connector - that would give us a better understanding of what licensing implications may be in place.

Highlighted
Mattw112IG
Level 8

Re: Permissions

Interesting...

 

So I am our Dynamics Admin and I used my account to set up the connection.

 

The PowerApp and Flow work fine when I run the app.

 

When I had someone else run it they got this error:

You don't have permissions to view this data...

 

So if it is using my credentials, I've shared the SharePoint list out to "Everyone except external users"... what would it be failing to get permissions for?

 

Terry

Super User
Super User

Re: Permissions

The connectors use your credentials to perform the flow tasks, but viewing the data will always rely on the user's permissions (which can include License limitations). As an example, if the Flow updates a SharePoint List that the user doesn't have rights access to, the flow runs, but they can't see the output. Or, if their Office 365 account doesn't have a SharePoint Online license attached to it, they couldn't access it.

It sounds like the features within the Dynamics connector that you are using, certainly have licensing limitations. As you are the Dynamics admin, you may be able to do a quick test by giving the user a temporary license or trial license. This is also common issue with Power BI, everyone can view the web-URL of a Power BI report, but to view the report details or from the web portal, you must have a valid Power BI license. Same goes for addon license items, like ArcGIS map addon sold within the Power BI store.

Maybe @JonL-MSFT can offer some insight. From my coversations with Jon, they know the licensing with Flow needs improvement and clarity, and that is something they are working with all of the various product teams and vendors on for future improvements. From what I've seen, I just always assume that Dynamics and Power BI require a user license for anyone who access it, unless told otherwise.

Mattw112IG
Level 8

Re: Permissions

ok so the account used to set up the connctor aren't used to read/write?

 

Well so back to my issue then, I can't give everyone in the company a license to dynamics...

 

Any work arounds to that?  I'm reading maybe use Web API or Webhook or Azure Automation/Functions?

 

Something like that?

 

Thanks,
Terry

Super User
Super User

Re: Permissions


@Mattw112IG wrote:

ok so the account used to set up the connctor aren't used to read/write?

 

Well so back to my issue then, I can't give everyone in the company a license to dynamics...

 

Any work arounds to that?  I'm reading maybe use Web API or Webhook or Azure Automation/Functions?

 

Something like that?

 

Thanks,
Terry


No, the account used to set it up is used to read/write. Flows are user specific, even team flows have user specific credentials tied to them. If  you provide a screenshot of your flow, I may be able to give you more details.

The flow's run logs will show you that all of the changes made using that flow, are performed with the specific account that is configured within that flow's connectors.

Again as an example, back to the more basic SharePoint flows - if I setup a flow to copy a file to a document library when it is emailed, my account is listed as the "uploader" and "last modified" account for that document in the document library. It doesn't matter who triggers that flow, since my account is the one setup with the connector, the uploader will always be me.

However, "premium" connectors  have added licensing costs, so even if their account isn't the one making the changes, they are the ones triggering it, which also requires a license. 

Mattw112IG
Level 8

Re: Permissions

ok, sorry I guess I'm not following you.

 

Why would someone get an error about permissions if it is using my account for the flow read/write which has all permissions and works fine for me?

 

Thanks,

Terry

Super User
Super User

Re: Permissions

Because accessing Dynamics related content requires a Dynamics license. Even if they didn't author the flow, and the flow isn't using their account to perform the actions within Dynamics via the Dynamics connector, when they try and trigger the flow, their credentials are validated. If the credentials weren't validated, then anyone could run any flow. 

In the example screenshot below. Your credentials are in the My connections of the Create a new record Dynamics step (see red box). However, if they are the ones using the Manually trigger a flow step (purple box) they too much have access to Dynamics - because their actions are directly tied to access and updates taking place within Dynamics.

DynamicsConnector.png

You must have explicit rights to both run and edit a flow. It is no different than someone who doesn't have an Office 365 license, trying to use a Flow created by someone who has an Office 365 license - such as copying a file to a SharePoint Document Library. They don't have a license to perform that action, so they can't trigger that action. 

For auditing purposes, the connectors always use the same accounts for validation. Users who access those flows still need all of the proper licenses and access rights to the various connectors and resources used within those flows.

Super User
Super User

Re: Permissions

It is pretty simple. In the flow, your account is used in the Dynamics connector (red box below), yet they are the ones performing the trigger (purple box below):

DynamicsConnector.png

If you are using Flows, or any resources that access, update or manipulated Dynamics data, you need a Dynamics license. Same thing goes for SharePoint, Power BI, PowerApps, etc. The Dynamics Pricing page shows Flow access as part of the licensing cost:

DynamicsLicensing.png

And the Flow Pricing page shows Flow for Dynamics pricing:

FlowDynamicsLicensing.png

Just because you built the flow, and it is using your credentials, doesn't change the fact that those accessing it need licenses to use it too. You need a Flow license and a Dynamics license. 

Mattw112IG
Level 8

Re: Permissions

Yes I get the licensing aspect, thanks all for the details.

 

But for example let's say I created a powerapp and wanted to use it at a big conference where many people could sign up for something and that was tied to a new account or contact needing to be created in Dynamics.

 

Am I supposed to license everyone in the world?  no of course not.  So how would I do this so that an account or contact could automatically be created so I didn't have to do that manually?

 

Thanks

Terry

Super User
Super User

Re: Permissions


@Mattw112IG wrote:

Yes I get the licensing aspect, thanks all for the details.

 

But for example let's say I created a powerapp and wanted to use it at a big conference where many people could sign up for something and that was tied to a new account or contact needing to be created in Dynamics.

 

Am I supposed to license everyone in the world?  no of course not.  So how would I do this so that an account or contact could automatically be created so I didn't have to do that manually?

 

Thanks

Terry


You'd need a license for each unique ID accessing that Dynamics content directly. Dynamics isn't an open ecosystem, it is a closed ecosystem - the data contained within it is not generally meant to be used for direct public consumption. There are countless software platforms that are licenses based on a per user basis, Dynamics is no different. You can't have "visitors" or "guests" access internal Dynamics data. 

If you want mass access to your data, you would need to utilize and/or build solutions utilizing Dynamic's Web/REST API - which is even possible with Flow, but not with the Dynamics connector. The connector utilizes active licensing, just like all of the Office 365 connectors. 

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. THANKS!

Mattw112IG
Level 8

Re: Permissions

In my case, everyone in the company has SP access, so going to write there and have flow pick up new entries and create the records in Dyamics.  Thanks.

View solution in original post

Helpful resources

Announcements
thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

firstImage

Incoming: New and improved badges!

We've given our badges an overhaul and also added some brand new ones!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need.

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Power Automate Community Video Gallery!

Top Kudoed Authors (Last 30 Days)
Users online (5,790)