Control Dynamics 365 Workflow Execution with Security Roles

Control Dynamics 365 Workflow Execution with Security Roles

Dynamics 365 workflows allow organizations to automate processes without writing code. This is a great tool for companies because automation can be implemented without time consuming custom development. Workflows can do great things in the right hands, but can also be harmful when used incorrectly. Naturally, a company may want to limit execution of only certain processes to certain users or teams. By default, Dynamics has a couple of broad options in terms of limiting workflow execution to certain groups of users. But with a little creativity you can apply very granular level of security to these processes using a combination of a workflow and security role.

One scenario in which you might want to further limit the ability to run a workflow is in a case where the workflow would update a Contact record. If the update is to be done only by certain users, you would want to ensure that no one else could execute this workflow.

In this article, I will explain how to apply an additional layer of security which dictates who can execute workflows in CRM. This goal will be achieved with a very useful CRM Solution called “Dynamics 365 Workflow Tools“. I will create a workflow that checks the executing user’s security role. If the user’s role equals “Salesperson”, the workflow will end the process. If it is not, it will continue executing as normal.

Download and Install Dynamics 365 Workflow Tools Solution

  1. Navigate to this URL:
  2. Download the latest zip file
  3. Import the solution file into your CRM organization.

Create Workflow

This workflow will start by checking if the user is in the role you specify.

  1. Add a new step titled “Check User in Role”

  1. Click “Set Properties” and choose the Salesperson security role and then Save & Close

  1. Add a check condition and set the following properties

  1. Now add an action if the user has the Salesperson security role. You can add as many conditions as you like. The finished product should look similar to this

Now we should activate the workflow and test to verify if this works.

First Test:

First, test with a user account that has the Salesperson security role active. Check the process sessions of the workflow to check the execution steps after running the workflow.

As you can see, the workflow correctly identifies that my user has the Salesperson security role. Consequently, it acts according to the logic I have defined.

Second Test

Next, let’s check to see that a user without a Salesperson security role can bypass the security check. I’ll test this with a user account that does not have the Salesperson role.

In this scenario, the check condition returns false. As a result, the default action executes.

Hopefully, you can see that with a little extra work you can gain significant security advantages. This effort should pay off in helping to secure your CRM environment. Most of all it will save you the headache of fixing a problem created by users accidentally running the wrong process.

By | 2018-02-21T20:05:45+00:00 November 13th, 2017|Uncategorized|1 Comment

About the Author:

Philip Frederick
Philip is an experienced CRM System Administrator and IT Business Analyst. As a TrellisPoint Technical Consultant, he provides clients with expert CRM system consulting and training that enables business results.

One Comment

  1. Allison Walters October 31, 2018 at 10:19 pm - Reply

    We’ve been using this, but just ran into an issue. Whenever we use an OOTB security role with this solution, we cannot export/import the solution to another system, as the GUID for the security role is different. It looks like we’d likely have to change all references to a custom role, then manually change them all back after import. Is there another solution to this you can think of? Thank you!

Leave A Comment