There is contact based portal registration.
In CRM a person can exists in multiple business units.
Now when a user try to login, it says password incorrect because it is referring to the other contact which is not having the password but same emailId.
I want to enable portal for all the contacts in the system, based up on the business unit I will show the menu items.
suggest changes in portal setup so that it can handle multiple contacts for the user
You have to think again about your implementation idea based on Administrator's Guide to Portal Capabilities for Microsoft Dynamics 365.
Few points:
Multiple contacts is not a good idea, that too with the same email address. Not sure which Business Units (BU) you are talking about, but how you are planning to hook the authentication piece by different BU? Use the same Contact and after authentication, decide the authorization part based on your concept
Even different Contact with different Email for different purpose is ok, but I would recommend you to look at web roles instead
If Menu items has to be dynamic & depends on configurations, use Liquid syntax rather than complex implementations. Read more
Related
We have a scenario where we do not have enough licenses to provide to the users for Dynamics CRM Online. But we need these users to be able to edit/create rows in Appointments and Task tables. We have a license with Admin access. Can this license be shared or used in such a way that users can edit these tables through any other interface say using Power Apps or so? Is there any way to enable them to edit the tables?
What you can do is, get the per-user-per-app license for users so they can use Canvas app and get authenticated using AD SSO.
You can use the Admin service account to do data interactions into Dynamics CRM using MS Flow/Power Automate. Essentially CDS connector will use the licensed CRM admin account in the backend. Honestly I never tried this.
Another user also used HTTP request to use LogicApps to POST the data without license. Reference
PowerApps portals is another option.
I'm building an employee self service portal via Dynamics 365, and when I use the lookup field to display my name in a form other employee names are displayed too:
I've been fiddling with the security roles for a while now and still cant seem to get it to display a single employee name.
I'm also planning to do it a different way by filling up the employee name based on the username on the upper right.
How do you guys suggest I go about this?
First things first. Portals won't use any CRM Security role concepts as it's for CRM users. Portal is built on top of Contact entity. Contact is Portal user & Web role will control his/her access.
You have to Entity Form Metadata to populate the fields per your need. The contact lookup can be filled in by current login Portal user this way. Even you can implement something like manage/restrict the Contacts only from your parent Account in that lookup easily.
I am setting up CRM to enable the support team to be able to schedule service appointments. However the problem is that all users in the organisation are displayed as rows. How do I restrict this to just a single CRM Team rather than the whole organisation?
Using Dynamics Online 2016 Update 1.
First create view that shows all users you want and next in calendar view change type to user and pick view that you created. You can't pick teams in there.
I would suggest that you use the Business Unit + Team + Security Role tandem to do this. How do you do this?
Create Child Business Units from the Parent Business Unit.
Create Teams with the same name
Create a Security Role (e.g Service Calendar BU Role) that restricts Service Calendar CRUD, Assign, Share, etc to Business Unit (Note: This entity can be found under Service Management)
Assign that Security Role (e.g Service Calendar BU Role) to the Team
I need to design a model for CRM by which all cases be centralized for the company as well as its partners. It's a particular need that the company prepare service for its partners, also for the customers of each partner. Therefore, individuals in partners can be contact (because its account and entitlement is needed) and user (because they should have access to CRM similar to the company's supporters) at the same time.
Have you ever faced this need, and do you know a design model which cover it?
The most general case would be to design your CRM-system around Contacts. You could then create a lookup from User to Contact, and create a workflow or plugin to ensure that a User always has a corresponding Contact created.
This way everyone is a Contact in the system, while some people also have User records.
Ok, so imagine a bank has a call-centre filled with low-trust staff. The staff need to provide basic service to customers over the phone. The call centre staff take calls from a customer, ask them certain security questions, and then service the accounts in some way.
Now, from the customer's point of view, the bank is verifying who they are by asking the security questions. This is subtly different from the bank's point of view: It is verifying that the call centre employee is talking to the customer.
Why is this difference important? The bank wants to restrict these low trust staff, so they cannot view any details of the accounts until the customer calls them. So a call centre employee can't browse account details of customers that haven't just contacted him and asked for service.
So the question is:
Is this sort of setup possible in Dynamics CRM 2011? How would one go about implementing it? Some level of customization would be OK, but a bespoke application driven from the CRM data is not.
I'm thinking that maybe it's possible to create a custom component that temporarily modifies the user's permissions to a record (and all its children) after answering some security questions. However, I'm not even sure that record-based security (beyond Ownership) is supported in CRM...? I guess one could temporarily assign ownership to the user. Is that wise?
Please note: Simply hiding views & find buttons from the GUI isn't the sort of level of security we're looking for here. We're looking to literally restrict the user from accesing the records in question.
I can see a couple of options:
Working within the permissions model. This could work. You could have access restricted by default, and then have another entity where you'd enter in the account details, a plugin would run and verify the details, and then share the record to the current user. I'd be a little concerned, however, on how the unsharing would work. What would trigger it? Would there be a process that just runs outside of CRM and unshares records periodically. What if that process fails? We've also had performance issues in the past with this type of model... CRM seems to do a lot of work under the hood every time an individual record's permissions are changed like this.
Reassigning the owner, as you suggest. Would multiple users ever need to look at the same data? Does the owner of the record need to be maintained for any other reason (e.g. This is Joe's account because he's the owner).
Working exclusively with plugins. You could have a plugin registered on Retrieve and RetrieveMultiple of a record. This plugin could filter out all the details you want to hide from the end user. When the user needs to view the rest of the data, they fill out a form or dialog or something with the data. This data is then included in the Retrieve call for the record. The plugin checks for the hidden data, verifies that it's there and correct, then strips it out and lets the request continue, only this time it retrieves all attributes, and the form populates as expected.
Disclaimer: this answer is based on plenty of CRM 4.0 experience and reading the release notes for 2011.
Short answer: no.
Long answer: yes, but the customisation would be major. The 'easiest' option that springs to mind, is that the authentication process is carried out as a bespoke asp.net page that either a) uses a service account to re-assign an entity to an individual and then returns them to the relevant CRM form, then a plug in that re-assigns it back on saving changes
or
b) has it's own set of forms to that update and retrieve information as a service account, and only do so after answering the security questions.
As an aside, any kind of 'scripted' form is almost impossible in CRM 4.0. I believe 2011 slightly improves on that, but what I've seen is still not encouraging. Using CRM in a contact centre for us has meant investing in a piece of third party form building software and creating bespoke forms that can be launched from CRM and return data via the web services (which are impressively flexible). We only use the CRM interface for viewing historic requests - even most updates trigger one of the bespoke forms.
If I was to implement such a scenario I would create a customer access record (new_custaccess) that is linked to the customer record (new_customer). For this example - keeping it simple - I'm going to assume that the customer has a simple access code they must provide before the bank employee (Operator) can access the record. The access code is stored on new_custaccess in a field (new_secretcode).
Security is that the Operator has no privileges to new_customer and read/update privileges to new_custaccess.
There is a single field (new_secretcodeoperator) on new_custaccess that the operator can update. All other fields are restricted from update (and, if appropriate, read) to the Operator.
When the Customer calls and the Operator searches for the appropriate new_custaccess record. Once they locate the record they enter the Customer provided secret code into the field new_secretcode and do a save.
A Pre-Update query executes on new_custaccess in the context of a user with full privileges (call it MASTER, for fun here.) That plug-in checks to see if the provided code matches the secret code. If it doesn't it throws an error and the Operator can retry. If it does match the plug-in strips the field new_secretcodeoperator from the record, to keep it from saving the value. It also shares appropriate permission on the record new_customer to the appropriate operator.
The Operator now has access to the Customer record (you'll have to decide whether to cascade permissions or share on each record - that decision is beyond this discussion.)
We now need to deal with rescinding permission on the Customer record. I would handle this by having an entity new_customeraccess that is generated by the previous plug-in whenever access is granted to a Customer record. A workflow should be triggered on Create of new_customeraccess that cause new_customeraccess to be updated every 20 minutes (or whatever time the client prefers.)
A plugin is registered on Update of new_customeraccess that fires when the field updated by the workflow is modified. This plug-in will determine - via whatever criteria is decided on by the business - whether to continue sharing or revoke sharing.
I would also create some javascript/html based pop-up from the new_customer ribbon to end sharing by updating a field on new_customeraccess. Provide the Operator with limited Update privs on new_customeraccess via field level security.
This should accomplish what you want without going outside the standard CRM customization model. Not exactly sure of where you draw the line on bespoke but this is probably as close as you'll get to OOTB. A few plug-ins are all the C# you'll need. And the only JavaScript will be for usability, not functionality.
Let me know if you have questions.