Understanding Privilege Check and Shared Access in Dataverse / Dynamics 365


Let us understand this with a simple example.

We have the following 2 custom tables having a 1 – N relationship.

Project (1-n) Artefact.

The relationship behavior is Custom with Cascade All for all the actions except Delete.

User 1 is the System Administrator and Test User 1 has the Field Service Admin role but doesn’t have any roles that give him access to the project or artefact table.

We can see the tables are not showing up for Test User 1 in the app unlike User 1 with the System Admin role.


Now let us assign a custom security role – Test Sharing – to Test User 1 that gives him Organization Level rights on the Project table.


As expected, Test User 1 now has Projects appearing in the app, and as he doesn’t have any rights on the Artefact table, he cannot see it in the form or the app.


Now User 1 shares the Project 1 record with Test User 1. Remember we have set Share as Cascade All in the relationship between Project and Artefact.

But still, because the user doesn’t have any privileges on Artefact, it doesn’t appear for Test User 1 on the form or in the app.

Now let us update the Test Sharing role and add Read permission at User Level for the Artefact table.


Now Test User 1 can see the Artefacts in the related records as well as the App.


We can observe 2 things here –

  • Although Test User 1 only has User-level Access to the Artefact, he can still see the Artefact records created by User 1, as the parent Project record is shared with Cascade All–Share in the relationship behavior.
  • And as Test User 1 has only Read access he can only view the artefact records shared.

Here if we update the Test Sharing role to provide Write access at User Level, the user will be able to edit the records.


Also, right now, if User 1 creates the Project 2 record with the related P2 A2 artefact record, Test User 1 will only have access to the Project 2 record because of Organization access, but not to the P2 A2 artefact record, as he only has user-level access.


Let us now update the Relationship Behaviour between Project (1-n) Artefact, and set Share to Cascade None.

Let us share the Project 2 record with Test User 1 now through the User 1 account.


As expected even after sharing the Project 2 record, Test User 1 does not have access to the P2 A2 artefact record as we had updated the relationship behavior as Cascade None for Share.


The first check that the user needs to pass is the Privilege Check, which checks whether the user has the required privileges for that table, before the Shared Access check.
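The walkthrough above can be replayed as a small model. This is an added example, not Dataverse's implementation or code from the original post: the class and function names are hypothetical, only the two access levels used in the post are modelled, the name of the Project 1 artefact is constructed, and the share is assumed to grant Read and Write.

```python
from dataclasses import dataclass, field
NONE, USER, ORG = 0, 1, 2  # access-level depth of a privilege (only the levels the post uses)

@dataclass
class User:
    name: str
    privileges: dict = field(default_factory=dict)  # (table, right) -> depth

@dataclass
class Record:
    table: str
    owner: str
    children: list = field(default_factory=list)
    shares: dict = field(default_factory=dict)      # user name -> set of shared rights

def share(record, user, rights, cascade):
    """Grant rights on one record; with cascade, copy the grant to related child records."""
    record.shares.setdefault(user.name, set()).update(rights)
    for child in (record.children if cascade else []):
        share(child, user, rights, cascade)

def check(user, record, right):
    """Return (allowed, reason), evaluating in the order the post describes."""
    depth = user.privileges.get((record.table, right), NONE)
    if depth == NONE:                                  # 1. privilege check on the table
        return False, "privilege check"
    if depth == ORG or record.owner == user.name:      # 2. role access level / ownership
        return True, "access level"
    if right in record.shares.get(user.name, set()):   # 3. shared access
        return True, "shared access"
    return False, "not owned or shared"

def scenario():
    """Replay the post's steps; returns {step: (allowed, reason)}."""
    tester = User("Test User 1", {("project", "read"): ORG})
    a1, a2 = Record("artefact", "User 1"), Record("artefact", "User 1")  # a1: constructed; a2: P2 A2
    p1, p2 = Record("project", "User 1", [a1]), Record("project", "User 1", [a2])
    out = {}
    share(p1, tester, {"read", "write"}, cascade=True)   # Share = Cascade All; rights assumed
    out["shared, no artefact privilege"] = check(tester, a1, "read")
    tester.privileges[("artefact", "read")] = USER
    out["user-level read"] = check(tester, a1, "read")
    out["write, read-only role"] = check(tester, a1, "write")
    tester.privileges[("artefact", "write")] = USER
    out["user-level write"] = check(tester, a1, "write")
    out["P2 A2, not shared"] = check(tester, a2, "read")
    share(p2, tester, {"read", "write"}, cascade=False)  # Share = Cascade None
    out["P2 A2, cascade none"] = check(tester, a2, "read")
    return out
```

The reason string in each result shows which stage decided the outcome, so a share that never takes effect because of a missing table privilege is easy to tell apart from a record that was simply never shared.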


Also, Check – How access to a record is determined.

Hope it helps..


Flow Error – It hasn’t been triggered successfully in the last 28 days (Power Automate / Dataverse)


For one of our flows while testing we realized it was not getting triggered.

We could see it giving the below error –

There’s a problem that needs to be fixed to trigger this flow – It hasn’t been triggered successfully in the last 28 days.

We tried a couple of things and I think either switching it on and off and/or updating the trigger condition and saving it temporarily seems to have fixed the issue. Either of these would have created the correct corresponding Callback registration records.

Also check – https://nishantrana.me/2023/08/08/fixed-power-automate-flow-not-getting-triggered/

https://powerusers.microsoft.com/t5/General-Power-Automate/There-s-a-problem-that-needs-to-be-fixed-to-trigger-this-flow-It/td-p/1128820

Hope it helps..


Fixed – The latitude or longitude for the User record associated with this resource is invalid – Dynamics 365 Field Service /Dataverse


While trying to set the Start Location / End location to the Resource Address for Bookable Resource, we might get the below error

Exception Message: The latitude or longitude for the User record associated with this resource is invalid. Please provide a valid latitude and longitude and then set the start and end location for this resource again.

Here as the error message specifies we need to specify the latitude and longitude value for the corresponding resource type record associated with the Bookable Resource.

In the case of Contact, we can use the Geo Code option, and specify the address to populate the Latitude and Longitude details.


In the case of a User record we do not see the Geo Code option so there we can manually specify the values for it.

Now we will be able to update the Start / End Location as Resource Address in our Bookable Resource record, without getting any error.


Get more details on Geocoding

Hope it helps..


Fix the trigger – Microsoft.OData.ODataException: A binary operator with incompatible types was detected. Found operand types ‘Edm.Guid’ and ‘Edm.String’ for operator kind ‘Equal’ (Power Automate / Dataverse)


Recently in one of our flow triggers – When a row is modified (Dataverse), we got the below error

Exception parsing _msdyn_billingaccount_value eq ‘a84c5028-ecdf-ed11-a7c7-00224893b2b0’ submitted for attribute filterexpression of callback registration. Target entity: msdyn_workorder. Exception: Microsoft.OData.ODataException: A binary operator with incompatible types was detected. Found operand types ‘Edm.Guid’ and ‘Edm.String’ for operator kind ‘Equal’.

This is because we were using single quotes around the GUID value in the Filter rows property.

We need to remove the single quotes around the GUID.

GUIDs are considered a primitive data type in OData and should be represented as raw values without quotes. By removing the single quotes, we’ll ensure that the GUID is treated as a valid identifier in our filter condition.
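One way to catch this before saving the trigger, as an added example that is not part of the original post: a small check that unquotes GUID literals only when they are compared with columns known to be of type Edm.Guid. The function name `fix_guid_filter`, the `guid_columns` parameter and the column `new_externalref` are hypothetical; the first clause of the sample is the filter from the error above.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# <column> <eq|ne> '<guid>'; also accepts typographic quotes left behind by copy/paste
CMP = re.compile(r"(?P<col>[A-Za-z_]\w*)\s+(?P<op>eq|ne)\s+['‘’](?P<guid>" + GUID + r")['‘’]")

def fix_guid_filter(expr, guid_columns):
    """Unquote GUID literals compared with columns known to be Edm.Guid.

    Returns (fixed_expr, changed_columns, skipped_columns). A quoted GUID-shaped
    value compared with any other column is left alone, because for an
    Edm.String column the quotes are required.
    """
    changed, skipped = [], []

    def repl(m):
        if m["col"] in guid_columns:
            changed.append(m["col"])
            return f"{m['col']} {m['op']} {m['guid']}"
        skipped.append(m["col"])
        return m[0]

    return CMP.sub(repl, expr), changed, skipped

# Constructed sample: the page's failing filter plus a hypothetical string column.
SAMPLE = ("_msdyn_billingaccount_value eq 'a84c5028-ecdf-ed11-a7c7-00224893b2b0'"
          " and new_externalref eq 'a84c5028-ecdf-ed11-a7c7-00224893b2b0'")

if __name__ == "__main__":
    fixed, changed, skipped = fix_guid_filter(SAMPLE, {"_msdyn_billingaccount_value"})
    print(fixed)
    print("unquoted:", changed, "left quoted:", skipped)
```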

Hope it helps..


Portal does not load and displays “Server Error” or shows “Getting set up.. This might take a while” message -Portal Startup Issue (PowerApps Portal)


While trying to create a Website with Template – Partner Portal, we observed the provisioning stuck at – Getting set up…


Also, it was showing the below error on checking the Site Health.

“URL of the Dynamics 365 organization connected to this portal has been changed.”, which wasn’t the case, as the URL of the organization was correct.

Usually, the 1st website takes around an hour, and any new website after that is provisioned within 15-20 minutes (as the common / base solutions are already installed). This was the first website for that environment; however, when it had taken more than 24 hours, we raised a Microsoft Support ticket for it.

Microsoft acknowledged this as a bug and also got the fix ready, but there was a delay in deploying it because of dependencies internally.

In parallel, they also provided us with a workaround, which fixed the issue for us.

The steps are as follows –

  • Create Web Site with the Customer Self-Service Portal template.
  • Create Web Site with the Partner Portal template.

If Customer Self-Service Portal is not needed, the website can be deleted then, followed by deleting the below Managed solutions specific to Customer Self-Service.

  • CustomerPortal (Dynamics 365 Portals – Customer Self-Service Portal)
  • MicrosoftPortalAutomate (Dynamics 365 Portals – Automate)
  • MicrosoftPortalEnhancedDMMigration (Dynamics 365 Portals – Enhanced DM Migration)
  • PortalSitewide_RPServiceApp (PortalSitewideRPServiceApp)

Also delete the website records created specific for Customer Self – Service Portal – https://www.youtube.com/watch?v=i9jeWaO93IM&ab_channel=EngineeredCode

We followed the above steps and got the Website with the Partner Portal template created successfully.


Hope it helps..


What will happen on changing the password of the user account used as the Owner of Cloud Flow and for Connection – Power Automate


Recently we had to change the password of the user account being used as the owner of the cloud flows as well as for the connection/connection reference.

So we tried it on a trial environment first, below is our flow that runs every 5 minutes and creates a contact record (Dataverse), sends an email (Office 365 Outlook), and creates a file (SharePoint) owned by the same account along with the connection reference.

Below is our cloud flow

We can see the details around Connection References and Owner. We can also see it running successfully getting triggered after every 5 minutes.


Now let us update the password of the account that is being used in the flow.

Interestingly after password change our Flow kept running successfully without any errors.


Contact records are created in the Dataverse.

Mail sent using the Send an email action.


Files getting uploaded using the Create file action of SharePoint.


Also, we see the status of the connections showing as Connected.

It could be because Power Automate might be using cached credentials for a certain period after the password change, and/or the connections that use the refresh tokens to maintain authentication, have their tokens still valid.

https://www.itaintboring.com/powerapps/why-is-that-flow-still-working-after-i-have-changed-my-password/

Here, what we can do immediately after changing the password is open the connections, click on Switch Account, and sign in again using that account. That will refresh the connection.

That is exactly what we did for our Prod and other environments after we updated the password and we didn’t face connection failed issues or any other error for all our existing flows.


Also, check – https://sharepoint.stackexchange.com/questions/290700/what-will-happen-to-the-ms-flow-connectors-if-their-usernames-password-got-reset

Using Service Principal in Power Automate – https://benediktbergmann.eu/2022/01/04/setup-a-service-principal-in-power-automate/

https://www.dynamicpeople.nl/en/news/service-principals-power-automate/

Hope it helps..
