I want to get the UserID of the current user from whom the Workflow was executed in Dynamics CRM 4.
I did it using the
IWorkflowContext.UserID
but it gets the ID of the Workflow Owner.
There is no way to retrieve this information unless a user explicitly ran the workflow "on demand." If the workflow was triggered via a crm action (such as create of a record) it will run under the context of the workflow owner.
See this blog post from a member of the crm support team:
UserId: If the workflow was executed on demand, this will be the ID of the user who executed the workflow. If the workflow was executed due to a message executing, then it will be the ID of the workflow owner.
Related
We have used the case Entity, there is default user that is used to assign a case on new creation or reactivation.
We have a workflow created for Case Reactivation, so whenever a case is reopen it is assigned to the default system user. It was working fine till September 20, but now when you give the survey after case resolution and then try to reactivate it it throws error in workflow. It works fine when you try to reactivate without giving the survey.
Error:
The real-time workflow named "Case is Resolved/Reopened" failed with the error "Principal user (Id, type=8, roleCount=1, privilegeCount=619, accessMode=0), is missing prvReadmsfp_questionresponse privilege (Id) on OTC=10247 for entity 'msfp_questionresponse'.
The System user has the role assigned as of salesperson, giving permission for this entity to salesperson does solve the issue, but the salesperson role is being used by many others to whom permission for this entity can't be given.
Can anyone tell us why this started causing issue after a particular time. Was there any updates from Microsoft Forms Pro for this entity?
Its very possible there have been updates from MS. You can review the solution history in make.powerplatorm.
https://learn.microsoft.com/en-us/powerapps/maker/common-data-service/solution-history
Look for the forms pro solution and check the solution history.
Is the "Default" user an actual person that logs in? Or a Service account that is only used for automation/workflows?
In any case, I'd suggest creating an add-on or feature role called something like "Question Response Reader" that only has the read permission for that entity. You can then add that role to the default user, and any other users that need to read that entity.
Probably Microsoft changed something in the background especially w.r.t security of forms Response entity msfp_questionresponse.
You easily solution is to give proper security rights to user who is ruining your workflow.
If it is run by the owner of the workflow then that user, if workflow runs under the context of user then that user should have read rights for entity msfp_questionresponse
I'm working on a custom plug-in (non-sandboxed) in a CRM2016 on-prem to interface with an internal webAPI.
When I run this piece of code, it is returning the CRM App Pool user and not my user name:
(System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity;
Is this expected and normal? If it is, how do you impersonate the calling user for external calls.
Thanks.
Yes that is normal, synchronous plugins run on the web server, so getting the IIS App Pool user is expected. If the plugin is running asynchronously its runs on the back end asynchronous service so you would probably get a different service account.
You could examine the plugin execution context (IPluginExecutionContext) to get eitherInitiatingUserId or UserId, which is the CRM GUID of the system user account under which the plugin is executing - depending how on the plugin is executed and registered this can give you the CRM identity of the user who started the plugin.
Jeff describes this within; How to get current user record in CRM plugin?
The information is available in the PluginExecutionContext. The code
below is from the Execute method your plugin must implement.
public void Execute(IServiceProvider serviceProvider)
{
IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
Guid userId = context.InitiatingUserId;
}
FYI, the context also has a "UserId" property that may or may not be
the same as the InitiatingUserId. If your plugin step registration
"Run in Users's Context" field has the value "Calling User", then they
will be the same. If you have specified a user in the "Run in User's
Context" field, then the UserId field will contain the user ID of the
person you specify and the InitiatingUserId will be the actual CRM
user whose action triggered the plugin. Sounds like you're looking for
the InitiatingUserId.
Or perhaps you could use another indicator, such as whoever last modified some record. You could then lookup their details in CRM, e.g. to get their domain name.
Depending on how you authenticate with the external service this might help to impersonate the user. Otherwise there as far as I know there is no easy way to get the users security token for example, CRM doesn't really expose that information.
I am integrating MS Dynamics CRM online with my ASP.Net MVC application. I am creating a synchronization process between both. I'm stuck at the point where
I need to check if user has entered valid CRM credentials ie. server address, domain, username and password etc. I am not sure which class is to use for that?
I want to create multiple entities of same type in a single go in CRM online from my Application. Currently I am using ServiceProxy's Create() method to do so . How can I create , for instance, 10 contacts in a single request ?
Is there any way to send list of objects to CRM server and create
them there?
To check I believe the easiest way is just execute call for example of WhoAmI message. If it would not throw an exception - that will mean that credentials are correct.
You should look at ExecuteMultiple message.
IBM Knowledge Center states that
Server disables security access checks during subscription execution
but does not mention the user credentials the code uses to execute which you need to know in order to map user RunAs roles on the application server.
What user credentials does FileNet use to execute event action code?
As I understand, when you create async subscription it will be executed under p8boostrap user.
And it will keep user context when you execute syncronious subscription.
But you can check it for sure.
It is using the user who triggered the action. E.g. if a user changes a property of a document (let's say DocumentTitle because it is always there) and clicks save, then an update event will be triggered which launches the subscription (if subscribed to the update event) which launches the action. Use synchronous for short running tasks, you can immediately show the update to the user. With asynchronous the user will have to click "Refresh".
Security can be a pain if not planned carefully at the beginning, for the action to be executed, the user has to have rights for the subscription, action event, document class etc. basically for everything involved or the user will get a cryptic error message when trying to modify the DocumentTitle.
Source: personal experience, sorry no official reference, if in doubt verify first.
How can I check user's role in workflow? I have a workflow it will send a mail to users if owner of created entity does not have sales manager role.
I assume this is a continuation of:
{Microsoft CRM 4.0} How to send e-mail to some users who has salesperson security role
What trouble are you having?
What have you tried?
Can you provide what code you've written for your workflow activity so far?