web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / C# Azure AD Secured We...
Power Apps
Unanswered

C# Azure AD Secured WebAPI - Create DataVerse Table Record as application user without losing initial user information

(0) ShareShare
ReportReport
Posted on by MarkuZ 8

Hello community,

 

as described in subject im currently creating a C# WebAPI using ServiceClient of Microsoft.PowerPlatform.Dataverse.Client Nuget package.

 

Goal:
- Create a record using AAD-App-Credentials for a user who does not have permission to dataverse table without losing data, which user initially executed my web api call.

So if i understand it correctly, i need to use CreatedBy + CreatedByDelegate fields. 
CreatedBy/ModifiedBy = Real User who executed web api call
CreatedByDelegate/ModifiedByDelegate = App User

I only achieve this if both objects (AAD-User + AAD-App) have Write-Access to DataVerse table. It does not work, if the user who called my api does not have direct permissions to create records.

Is there any way to achieve my goal? 

What i tried right now:
crmServiceClient = new ServiceClient(cert, StoreName.My, null, new Uri("https://{EnvironmentUrl}"), true, null, "{ClientId}", null, null);
--> this creates record as app

 

crmServiceClient.CallerId --> Setting this does not do anything

crmServiceClient.CallerAADObjectId --> Setting this throws exception as the user i set has no permission in dataverse.

 

Any ideas on how to achieve this or is this scenario even possible? 

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • ChrisPiasecki Profile Picture
    ChrisPiasecki 6,422 Most Valuable Professional on at

    Hi @MarkuZ ,

     

    What you're experiencing is as-designed. By setting the CallerAADObjectId field, you are impersonating the user and effectively running the operation with the privileges of that user, so if the user doesn't have permissions to the table, it will fail. 

     

    You can simply try setting the CreatedOnBehalfBy or ModifiedOnBehalfBy to your user who triggered the execution. Don't set the CallerAADObjectId and impersonate, you want it to execute as your application user.

     

    Here are the fields where you can override the system behavior:

    Field Override/on behalf field Behavior

    Created On

    (createdon)

    Record Created On

    (overriddencreatedon)

    		 When overriddencreatedon is set, createdon will be updated to the overridden date and overriddencreatedon will be the actual date. So in the UI you will see the custom Created On.

    Created By

    (createdby)

    Created On (delegate)

    (createdonbehalfby)

    		 Created By will always be the actual user, but the act on behalf user will be set in createdonbehalfby

    Modified By

    (modifiedby)

    Modified By (delegate)

    (modifiedonbehalfby)

    		 Same as createdonbehalfby

     

     

    ---
    Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

  • MarkuZ1995 Profile Picture
    MarkuZ1995 15 on at

    You mean i can simply add createdonbehalfby to my Updatevalues-Dictionary? What Type of value i have to set?

     

    Is it some kind of EntityReference? If yes - reference to which table? 

  • ChrisPiasecki Profile Picture
    ChrisPiasecki 6,422 Most Valuable Professional on at

     

    Yes, the createdonbehalfby Lookup would be set to an Entity Reference. You can call the method .ToEntityReference() on the User Entity object.

     

    ---
    Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

    Hi @MarkuZ1995,

  • MarkuZ Profile Picture
    MarkuZ 8 on at

    Tried it but still no success.

    I'm setting field "createdonbehalfby" to EntityReference
    Table: "systemuser"
    ID: "{systemuserid}"-Field of the desired record/user-dataset

     

    Result: createdonbehalfby-Field of created record is just null.

     

    What am i missing/doing wrong?

  • ChrisPiasecki Profile Picture
    ChrisPiasecki 6,422 Most Valuable Professional on at

    Hi @MarkuZ

     

    Apologies, I got mixed up. The created by delegate and modified by delegate are read-only, they can only be set by the system and is set when impersonation happens (whether via the web API as you are attempting or a Plugin that runs as a specific user). In this scenario, the created on or modified on will be set to the impersonated user, and the created by delegate or modified by delegate will be set to the account that did the impersonation (application user). 

     

    Because of this, the user you are impersonating needs to have privileges to write to that table.

     

    ---
    Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans