Skip to main content

Notifications

Copilot Studio - Calling Actions from Copilot S...
Unanswered

Restrict sales user form accessing records which is not shared or assigned to user

(0) ShareShare
ReportReport
Posted on by 2

I have created a PVA chat bot. In that we are calling an action and action is referring an order entity. In that entity sales user is not  having access to all the order records but when sales user is trying to access the records through PVA then sales user can see other records also which is not assigned or shared with sales user.

How we can restrict the access to sales user so that they cant see the other's record while chatting in PVA?

Categories:
  • Expiscornovus Profile Picture
    Expiscornovus 31,113 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Hi @vpathak,

     

    1. Make sure you enable authentication for your Power Virtual Agent.

     

    pvabotauth.png

     

    2. Create a flow with a When Power Virtual Agents calls a flow trigger action. Add a text UserID input field to that action.

     

    userid_input.png

     

    3. Use a HTTP action like I showed in my earlier post. Use the UserID field for the CallerObjectId in the Header section.

     

    userid_object.png

    4. In your Topic setup make sure you map the Bot.UserId to the flow with the UserId field

     

    botuserid_listmyrecords.png

  • vpathak Profile Picture
    vpathak 2 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Thanks for your reply.

    Could you please let us know how I can pass callerobjectid for different such user who has record based access to entity..

  • Expiscornovus Profile Picture
    Expiscornovus 31,113 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Hi @vpathak,

     

    One approach could be to impersonate the user in your request.

     

    You could use the Microsoft Dataverse Web API with an HTTP request action and use the CallerObjectID with the Azure Active Directory (AAD) object id of the user interacting with the PVA chat bot.

     

    Here is an example in the Microsoft Docs about user impersonation:

    Impersonate another user using the Web API (Microsoft Dataverse) - Power Apps | Microsoft Docs

     

    Below is a screenshot of such a query in Power Automate. 

     

    callerobjectid_userimpersonation.png

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,495

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,822

Leaderboard

Featured topics