Finding out about Daryl’s love of reading with his children, why we should push our limits, an amusing driving story involving woodchucks, and why exactly he denied new laptops to everyone in the company!
If you’d like to come appear on the show, please sign up at http://bit.ly/2NqP5PV – I’d love to have you on it!
Click here to take a look at the other videos that are available to watch.
Today’s post is around record security, and how Power Automate can really be quite useful with this!
Let’s take a quick recap of how security works (which is applicable to both Dynamics 365, as well as Power Platform apps). We have the following:
Security roles, which are set up with specific privileges (Create/Read/Update/Delete etc) across each entity table, as well as for other system permissions
Users, who can have one (or more) security roles applied to them (security roles being additive in nature)
Teams, who can have one (or more) security roles applied to them. Users are added into the team, and inherit all permissions that the team has (much easier than applying multiple roles on a ‘per user’ basis)
That’s great for general security setup, but it does take a system admin to get it handled. Alternatively, of course, it’s possible to use AAD Security Groups which are connected to security teams within Power Platform, and users added to them will inherit the necessary permissions.
But what if we want to allow users who aren’t system administrators to allow other users access to the records? Well, it’s also possible to share a specific record with another user – doing this allows the second user to see/access the record, even if they usually wouldn’t be able to do so. This is really great, but does require a manual approach (in that each record would need to be opened, shared with the other user/s, and then closed).
I’ve been working on a project recently where we have the need to share/un-share a larger number of records, but with a different user for each record. We’ve been looking into different ways of doing this, and obviously Power Automate came into mind! We didn’t want to use code for this, for a variety of reasons.
The scenario we had in mind was to have a lookup to the User record, and with populating this with a user, it would then share the record with them. This would be great, as we could bulk-update records as needed (even from an integration perspective), and hopefully all would work well.
So with that, I started to investigate what options could be available. Unfortunately, there didn’t seem to be any out of the box connectors/actions that could be used for this, which was quite disheartening.
My next move was to look at the user forums, & see if anyone had done anything similar. I was absolutely excited to come across a series of responses from Chad Althaus around this exact subject! It turns out that there’s something called ‘Unbound Actions’, which is perfect for the scenario that we’re trying to achieve.
There are two types of actions available within Power Automate:
Bound actions. This are actions that target a single entity table or a set of records for a single entity table
Unbound actions. These aren’t bound to an entity type and are called as static operations. They can be used in different ways
There are quite a lot of unbound actions available to use:
It does require some JSON input, but when formatted correctly, it shows along the following lines:
The different parts of this works as follows:
Target is the actual record we’re wanting to apply the action to
SystemUserID is the actual system user, and we also need to specify the odatatype
AccessMask is what we’re wanting to do when sharing the record (as there are different options available for sharing, ie ReadOnly, Edit, ShareOnwards, etc)
Using this, we’ve therefore built out the following scenario:
Field added to the record, looking up to Users
Relevant users who are able to access the record can set this lookup field to be a specific user record (who doesn’t have access to this record)
Power Automate flow fires on the update of the record when it’s saved (filtering on just this attribute), sharing the record with the selected user
The user then gets an email to notify them that the record has been shared with them, with a URL link to it (it’s somewhat annoying that there’s no inbuild system notification when a record has been shared with you, but I guess that’s something we’re having to live with!)
They can then go in & access the record as they need to
We’ve also given some thought to general record security, and have additionally implemented the following as well:
If the user lookup value is changed, we obviously share the record with the new user that’s been saved to it
Using a different Unbound Action (RevokeAccess), we remove the sharing of the record with the previous user (we have another field that’s being updated with the value of it, which we’re using to pass the action in, as otherwise we don’t actually know who the previous user was!)
All in all, we’re quite happy that we’ve managed to come up with this solution, which is working splendidly for us. Also, major thanks to Chad for his assistance in getting the syntax correct!
Have you ever needed to do something like this? Did you manage to implement it in some way? Drop a comment below – I’d love to hear how your experience was!
This is something that stumped me fairly recently. It’s also something that I was trying to work out what I should use at the title for this post! Let me share what happened.
I’m working on a project that’s quite critical (COVID-19 related). This is a project that we’ve built something around Dynamics 365 as an additional wrapper, to provide specific functionality for the pandemic. It’s being rolled out (the same solution) to multiple clients, and is only using the functionality from Power Platform. No custom code at all.
Now, before going into the specifics around it, let’s take a moment to revisit what a lookup field is, and what it does. Essentially a lookup field connects two tables together (wow – that felt strange not to use the word ‘entity’!). In the front interface, it’s used for a 1:N relationship.
So for example, we can have a lookup from Account to Contact, to set the primary contact for the account. The user navigates to the field, searches for the record they’re wanting to associate, and saves it.
Underneath, there’s a relationship that’s automatically created between the two tables, showing the way that the relationship will go (ie 1:N or N:1). This is created on both sides (more on that another time around dependencies), and most people will never need to modify it
When I first started with this particular project, I got the solution, and deployed it into the Dev environment (for the project that I was on). On testing it out, I found something very interesting. We’re using the Case (Incident) table, and there are various lookup fields on it. One of these was already populated with a value. Hmm – that’s interesting, I thought. It was a new deployment, and we hadn’t set any static data up yet at all. So how could it already be populated?
Furthermore, I was unable to save the Case record. When I tried to, I was getting an interesting error:
On drilling down into the error log (which admittedly is actually getting better in the details shown in it, thankfully!), it turned out to be because I didn’t have access to the referenced record (in the lookup field). It just didn’t exist.
So the lookup field value was coming in with a hard-coded GUID (record identifier). But how was this being done, especially if there weren’t any records (of that type) in the system at all?
From my experience of things, I could think of two ways in which to populate a lookup field with a hard-coded value:
Through a ‘real-time’ Power Automate flow, on create of the record. It’s possible to set a GUID value in the flow, and then it would be set
Through custom code, running on the form. Again, it’s possible to hard-code a GUID there, and then set the field
However on checking both options, none of them were happening. No Power Automate flows touching the Case record, and no custom code at all on the Case.
It was then, digging through the other parts of the solution, that I saw various Business Rules. For those unfamiliar with these, I’ll quote from the official Microsoft documentation around them:
By combining conditions and actions, you can do any of the following with business rules:
Set column values
Clear column values
Set column requirement levels
Show or hide columns
Enable or disable columns
Validate data and show error messages
Create business recommendations based on business intelligence.
I’ve used Business Rules (somewhat extensively) before. However on going into the one for the Case table, I found that something was happening that I wasn’t aware could happen! It’s actually possible to set a lookup field value through it:
Even though we’ve deployed the solution from the original development environment to a different environment, this is still set. But there are no records that are available:
I had never thought that it would be possible – to set a static value (eg a number, or some text), fine. But to set referential data? Wow.
Obviously this can be quite helpful. The bit that it’s NOT helpful though is when deploying the solution to another environment (as this situation was). It doesn’t help if you re-create the record that it’s referring to with using the same record name, as it’s using the underlying GUID (which you can’t re-create). This really does take solution deployment into a whole new perspective, where you need to be careful around these sorts of things as well.
So something new that I’ve learned (I do try to learn something new each day), and specifically around an area I thought I knew quite well. It did take some time, but I’m glad that I (finally) found the root cause of it, and identified what was causing it.
Have you ever had something like this happen, where you’re searching & searching for the cause of it? Drop a line below – I’d love to hear!
Talking about how online gaming can empower & connect families, as well as what ‘might just happen’ when editing a solution (unmanaged!) directly in Production
If you’d like to come appear on the show, please sign up at http://bit.ly/2NqP5PV – I’d love to have you on it!
Click here to take a look at the other videos that are available to watch.
Sharing the joys of go-carting, car racing, Larry also cover how important correct communications (in the context of the conversation) is to everything in life!
If you’d like to come appear on the show, please sign up at http://bit.ly/2NqP5PV – I’d love to have you on it!
Click here to take a look at the other videos that are available to watch.
One of the things that customer service agents absolutely HATE is having to type full replies to customers. There are many things that they’ll do which are quite repetitive, and having to type the same response each & every time gets frustrating to say the least.
As I’ve covered previously at Quick Responses in Omnichannel, Omnichannel has the ability for Quick Replies. With these, agents are able to select the response that they’re wanting to use, and quickly populate it into the chat session that they’re having.
It’s also possible, using ‘slugs’, to set up responses that will automatically populate with specific pieces of information in the system. For example, something like ‘Good morning, my name is {Agent Name}, how may I assist you?’ will automatically populate the name of the agent into the chat session.
This is great; the main drawback to date has been that Omnichannel administrators are required to set these up, as well as maintain them. That’s not so great, when you consider that agents might want to personalise their responses as well. To date, that’s not able to be done within the system.
However, with Wave 2 2020, it’s now possible to allow agents to create their own quick replies, to be able to be used within chat sessions. It’s also not particularly difficult to go about getting this into the system, as we’ll see below.
The Omnichannel Administrator simply needs to go to the Personal Quick Replies section, and change the toggle to ‘Yes’, then save. This will enable personal quick replies for agents simply & swiftly.
Once the system setting has been set, and is active (it can take a few minutes to refresh through), agents are then able to start setting up their own quick replies.
To do this, agents will need to be in the Omnichannel for Customer Service app, and select the Personalisation option from the drop-down menu:
This will then open the agent personalisation tab, which has several different sections on it. The first one is the one that we’re interested in – Personal Quick Replies:
Here will list any personal quick replies that have already been set up by the agent, as well as give the option to create further ones to use:
Clicking this option brings up the familiar interface to set this up:
Note: Personal quick replies aren’t localised in Omnichannel. That’s why you need to select a Locale for the record. To be able to provide the quick response in multiple languages, create a specific response for each language, and select the locale that’s appropriate for it
Once the record is saved, it’s then possible to add tag/s to it for referencing:
Note: If you want to use the hash character (#), you can only use it at the beginning of the tag, not anywhere else in it
Once these have saved, they’re then available to be selected from the chat by the agent. The chat interface will show both system & personal quick replies. Typing ‘/q’ into the chat window will bring these up:
We can select the tab at the top to show just the personal quick replies that the agent has set up:
Alternatively, if the agent starts searching with text, they can easily distinguish between system & personal quick replies by looking at the icon against each one. System replies have a globe-style icon, whereas personal replies have a person-style icon:
So in summary, I think that this is a really great feature to add onto the original way of quick replies working. It’ll free up time for the Omnichannel Administrators, and allow agents to put their own responses in that they need. It’s also possible to share this using the OOB record sharing functionality, which means that a team lead can set them up, and then share them with the rest of the team!
How do you think this could enable or help you? Drop a comment below – I’d love to hear!