How to – Create Administrative User Account for managing user / security roles, in Dynamics 365 / CRM


We recently wanted to create user accounts in CRM for managing users and their roles inside CRM, without accessing any of the data or functionality.

Below are the steps we can follow to achieve the same –

Login to Microsoft 365 Admin Center

https://admin.microsoft.com/#/homepage

Add a user

Temporarily assign the license to the user

In optional settings, specify either Global Admin or Dynamics 365 Administrator / Power Platform admin role.

And create the user.

Next,

Login to Power Platform Admin Center

https://admin.powerplatform.microsoft.com/

and navigate to [Environment] >> Settings >> Users

If the user is not yet synced, try – https://nishantrana.me/2021/12/14/the-trick-to-force-trigger-user-sync-power-platform-dynamics-365/

Select the User and click on Client Access License (CAL) Information

Change it to Administrative and save the change.

Now back in Microsoft 365 Admin Center we can remove the license and the roles from the user’s account.

Back inside CRM the user will only have access to the Dynamics 365 – Custom app.

Inside the app, the user gets the message No Read Privilege for data.

The user will have access to the following area within Settings

Inside Settings >> Security

The administrative user can see the users –

Basically, when Global or Power Platform admins who have a license are synced to the environment, they get the Read-Write access mode and the System Administrator security role is also assigned to them.

That is the reason why we need to change the access mode to Administrative after sync.

If they do not have a license assigned, their access mode is still “Read-Write” after sync, but no security roles are assigned. Also, the unlicensed Global and Power Platform admins will have access to the administrative areas.

Also, we could create a new custom security role that has access to the “Security Role” table, instead of assigning System Administrator or a copy of the System Administrator role.

https://docs.microsoft.com/en-us/power-platform/admin/prevent-elevation-security-role-privilege#assign-the-new-security-role-to-an-administrative-user
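
The access-mode states described above can be checked for the accounts that are meant to be user / role administrators. The following audit is an added example, not code from the original post; it assumes the user list comes from the Dataverse Web API query shown in the comment, and the account names and the sample response are constructed.

```python
import json

# Option values of the systemuser.accessmode column.
ACCESS_MODES = {0: "Read-Write", 1: "Administrative", 2: "Read",
                3: "Support User", 4: "Non-interactive", 5: "Delegated Admin"}

# Constructed sample, shaped like a Web API reply to the (assumed) query:
# GET [org]/api/data/v9.2/systemusers?$select=domainname,accessmode
#     &$expand=systemuserroles_association($select=name)
SAMPLE_RESPONSE = json.dumps({"value": [
    {"domainname": "roleadmin@contoso.example", "accessmode": 1,
     "systemuserroles_association": [{"name": "System Administrator"}]},
    {"domainname": "newadmin@contoso.example", "accessmode": 0,
     "systemuserroles_association": [{"name": "System Administrator"}]},
    {"domainname": "unlicensed@contoso.example", "accessmode": 0,
     "systemuserroles_association": []},
    {"domainname": "sales1@contoso.example", "accessmode": 0,
     "systemuserroles_association": [{"name": "Salesperson"}]},
]})

# Hypothetical list of accounts intended to manage users and roles only.
ADMIN_ACCOUNTS = {"roleadmin@contoso.example", "newadmin@contoso.example",
                  "unlicensed@contoso.example"}

def review_admin_accounts(response_text, admin_accounts):
    """Return {domainname: finding} for the intended user/role admin accounts."""
    wanted = {a.lower() for a in admin_accounts}
    findings = {}
    for user in json.loads(response_text).get("value", []):
        name = user.get("domainname", "").lower()
        if name not in wanted:
            continue
        mode = ACCESS_MODES.get(user.get("accessmode"), "Unknown")
        roles = {r["name"] for r in user.get("systemuserroles_association", [])
                 if r.get("name")}
        if mode == "Administrative":
            findings[name] = "ok: Administrative access mode"
        elif mode == "Read-Write" and "System Administrator" in roles:
            # State right after a licensed admin is synced to the environment.
            findings[name] = "change access mode: Read-Write with System Administrator"
        elif mode == "Read-Write" and not roles:
            findings[name] = "review: Read-Write with no security roles"
        else:
            findings[name] = f"review: {mode} with roles {sorted(roles)}"
    for name in wanted - set(findings):
        findings[name] = "not found: user not yet synced to the environment"
    return findings

if __name__ == "__main__":
    print(json.dumps(review_admin_accounts(SAMPLE_RESPONSE, ADMIN_ACCOUNTS), indent=2))
```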

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/global-service-administrators-can-administer-without-license

Hope it helps..


How to – Share read-only links to records with any user in your organization – Dynamics 365 / CRM (Dataverse)


To enable quick sharing of read-only links to records with any user within the organization, log in to Power Platform Admin Center

Select the Environment > Settings > Privacy + Security


Switch On the Enable Sharing option


This option currently works on the Contact, Account, Opportunity, and Case table.

It enables the option of sending the link to the record with

  • People in the organization with the link
  • Specific People

apart from

  • People with existing access.

Clicking on Copy link opens the below modal dialog box –

Clicking on People with existing access opens the below options –

  • People in your organization with the link
  • Specific people (disabled)

Here we have selected “People in your organization with the link”

This enables any user with the link (even one with no CRM License or Dynamics 365 / Power Platform Role assigned) to open the record as read-only.

This is how the record opened (read-only) for a user having no access to CRM but having the link to the record.

Similarly, Email Link opens the Send Link dialog box, which allows us to select either a User(s) or Team(s) and define the content of the message as shown below

Clicking on Send opens the email in the default Mail Client associated

Here also we have the option to select either People in your organization with the link or Specific People


Get more details –

https://docs.microsoft.com/en-us/power-platform-release-plan/2022wave1/power-apps/easy-record-sharing

Hope it helps..


Fixed – You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help


Recently one of the users, while accessing a few of the System User’s views, was getting the below error.

You do not have prvReadmsdyn_personasecurityrolemapping permission to access Persona Security Role Mapping records. Contact your Microsoft Dynamics 365 administrator for help.

There were a few System users’ views that were working fine.

The user had the Security Role = System Administrator, however, the Access Mode was set to Administrative.

Changing the Access Mode to Read-Write fixed the issue.

Hope it helps..


Security Enhancements – 24 hours maximum user session timeout in Dynamics 365 / CRM


With recent security enhancements in Customer engagement apps, the maximum user session timeout of 24 hours is removed.

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#user-session-timeout-management

Now it uses the Azure AD Session Policy to manage user session timeout, which by default has Azure AD refresh token expiration set as 90 days.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes#refresh-and-session-token-lifetime-policy-properties

Refresh token lifetime and expiration – https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#refresh-token-lifetime

Use the sign-in frequency setting in Conditional Access to define the period before a user is required to sign in again – https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

Earlier the default session timeout used to be 24 hours with 20 minutes for warning the user – https://nishantrana.me/2017/11/17/configure-session-timeout-and-inactivity-timeout-dynamics-365/

However, we can still override the default Azure AD Session policy, by setting the session timeout and/or inactivity timeout for the individual environment.

To set the same navigate to –

Environments > [Environment] > Settings > Privacy + Security in Power Platform Admin Center.

Specify appropriate values and save the changes.

Get all the details here –

https://docs.microsoft.com/en-us/power-platform/admin/user-session-management#configure-session-timeout

Hope it helps..

 


Sample Code to Test and Enable Mailbox programmatically C# (Dynamics 365/CRM)


Suppose we want to Test & Enable Mailbox of the below user programmatically.

We can see the below notification for the disabled mailbox.

This mailbox is disabled for email processing. For more information, see the alerts.

Below is the sample code –

On running the code, we can see the notification removed and the mailbox for the user enabled successfully.

C# Code –

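      using System;
      using Microsoft.Xrm.Sdk;
      using Microsoft.Xrm.Tooling.Connector;

      // ConnectionString holds the connection string of the target environment
      CrmServiceClient svc = new CrmServiceClient(ConnectionString);

      if (svc.IsReady)
      {
          // Mailbox record (by its GUID) that we want to test and enable
          var mailBox = new Entity("mailbox", new Guid("C88A539A-F493-EC11-B400-000D3A4F37D3"));

          // testemailconfigurationscheduled = Indicates if the email configuration test has been scheduled for a mailbox record
          mailBox.Attributes["testemailconfigurationscheduled"] = true;

          // Updating the record schedules the Test & Enable Mailbox operation
          svc.Update(mailBox);
      }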

Hope it helps..


How to – Stop Synchronization of Task / Appointment through System View using Sync Filter Manager


In the previous post, we saw how we can create a user filter (Outlook) for a particular user and apply the same to other users through the Sync Filter Manager XrmToolBox plugin.

https://nishantrana.me/2022/03/29/how-to-stop-synchronization-of-task-appointment-between-dynamics-365-and-outlook/

In this post, we’d achieve the same through System View.

Here we have created the below System View on the Tasks entity/table.

The Created On Doesn’t Contain Data condition is always false, so it makes sure none of the task records are synced.

Open the Sync Filter Manager, navigate to the System Views tab and click on Load System Views

Select the new System View- Task Filter which we created earlier and click on Create – System Synchronization Filter Template from selected view(s)

Select Outlook Template for System Rule Type

We are presented with the option to specify the user(s) to whom we want to apply the new template.

If we select Yes, we get the Select users dialog box to select the user(s).

Inside the Synchronization Filters Templates tab, we can click on Load Synchronization Filter Templates to list all the Outlook templates.

We can see our custom template listed there.

From there again we can apply it to the user(s) or define it as the default filter.

After applying Define as default, we can see the custom filter applied to the new users. It won’t be applied to, or change the filters of, the existing users.

So for the existing users, we have to explicitly apply this filter using the Apply to users option.

As the last step, we need to disable or delete any other filter on the task, to make sure that we only have the new filter applied.

On disabling the filters, we can see their status updated as inactive.

Lastly, we can only delete a Custom Outlook Template. If we try deleting any default out-of-the-box template, we will get an error.

E.g. on trying to delete the My Tasks default filter, we will get the below error

“Error while deleting selected records: SavedQuery My Tasks for otc 4212 cannot be deleted”

Check other posts on Synchronization –

Hope this helps..
