Tips & Tricks | Impersonation


Impersonation is used to execute business logic (code) on behalf of another Dynamics 365 for Customer Engagement apps user to provide a desired feature or service using the appropriate role and object-based security of that impersonated user.

To impersonate a user, set the CallerId property on an instance of OrganizationServiceProxy before calling the service’s Web methods.

Workflow Impersonation

Background Workflow

  • In case Triggered workflow (create, update...) the workflow will run in the context of Workflow Owner/UserId
  • In case On-Demand the workflow will run in the context of Initiating User.

Real-time Workflow

  • In case Triggered workflow (create, update...) the workflow will run according to selected option in execute as:
- The owner of the workflow. (UserId)
- The user who made changes to the record. (InitiatingUser)
  • In case On-Demand the workflow will run in the context of Initiating User.

Plugin/Custom Step Impersonation

You can specify in your code which user context to execute business logic (code).

By default the context give you two options InitiatingUserid and Userid you can use either one of them or you can initialize your services using any system user according your business logic.

  • InitiatingUserid:

This is the user who performs the operation that triggers the plugin. If USER-A creates a record and a plugin/workflow is triggered on record create then the InitiatingUserid is USER-A.

  • Userid:

This contains the "run in user's context" users id that is set as a part of plugin/workflow creation. If the value is not set in a plugin step registration or a custom step in a context of On-Demand Workflow, then it equivalent to InitiatingUserid

Custom Step Impersonation

When you are calling a Dynamics Action or Real-time Workflow it will run in a context of the Initiating user. If you want to impersonate business logic (code) you will need to write you custom code to impersonate the logic.

Note: If you are going to Impersonate Custom Step in Action or Real-time Workflow you need to register it as Sandbox in order to work. If you need run the business logic (code) in a None Isolation Mode, you cannot do it with impersonation.

Workaround:

In case of Action register your code as a plugin and register a plugin step on a SDK Message for your {Action Name} now you can register you plugin in either Isolation Mode Sandbox or None.

  Sample Code

Impersonation Sample Code

////Plugin

IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
IOrganizationService service = serviceFactory.CreateOrganizationService(UserId);
 

////CustomStep

IOrganizationServiceFactory serviceFactory = executionContext.GetExtension<IOrganizationServiceFactory>();
IOrganizationService service = serviceFactory.CreateOrganizationService(UserId);

Action with Plugin Sample Code

var context = executionContext.GetExtension<IWorkflowContext>();
 
////Use context.InputParameters[] to pass Action Input Parameters to your code.

var accountNumber= (string)context.InputParameters["Input Parameter Name ex: Account Number"];

////Use context.OutputParameters[] to pass a variable to your Action Output Parameters.

context.OutputParameters["Output Parameter Name ex: Account Name"]  = entity.Attributes["name"];

  References


https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/developer/org-service/impersonate-another-user

Popular posts from this blog

Tips & Tricks | Solution Layers [Remove Active Customization]

Tips & Tricks | Power Automate [Cognitive Services]

Tips & Tricks | Power Apps Community Plan [Development Environment]