Skip to main content

Notifications

Calling Actions from Copilot Studio
Unanswered

Restrict sales user form accessing records which is not shared or assigned to user

Posted on by 2

I have created a PVA chat bot. In that we are calling an action and action is referring an order entity. In that entity sales user is not  having access to all the order records but when sales user is trying to access the records through PVA then sales user can see other records also which is not assigned or shared with sales user.

How we can restrict the access to sales user so that they cant see the other's record while chatting in PVA?

Categories:
  • Expiscornovus Profile Picture
    Expiscornovus 29,254 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Hi @vpathak,

     

    1. Make sure you enable authentication for your Power Virtual Agent.

     

    pvabotauth.png

     

    2. Create a flow with a When Power Virtual Agents calls a flow trigger action. Add a text UserID input field to that action.

     

    userid_input.png

     

    3. Use a HTTP action like I showed in my earlier post. Use the UserID field for the CallerObjectId in the Header section.

     

    userid_object.png

    4. In your Topic setup make sure you map the Bot.UserId to the flow with the UserId field

     

    botuserid_listmyrecords.png

  • vpathak Profile Picture
    vpathak 2 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Thanks for your reply.

    Could you please let us know how I can pass callerobjectid for different such user who has record based access to entity..

  • Expiscornovus Profile Picture
    Expiscornovus 29,254 on at
    Re: Restrict sales user form accessing records which is not shared or assigned to user

    Hi @vpathak,

     

    One approach could be to impersonate the user in your request.

     

    You could use the Microsoft Dataverse Web API with an HTTP request action and use the CallerObjectID with the Azure Active Directory (AAD) object id of the user interacting with the PVA chat bot.

     

    Here is an example in the Microsoft Docs about user impersonation:

    Impersonate another user using the Web API (Microsoft Dataverse) - Power Apps | Microsoft Docs

     

    Below is a screenshot of such a query in Power Automate. 

     

    callerobjectid_userimpersonation.png

     

Helpful resources

Quick Links

Welcome to the Power Platform…

We are thrilled to unveil the newly-launched Power Platform Communities!…

Getting Started…

Welcome to the Power Platform Community! We appreciate your visit…

Welcome to the new Power Platform Community!…

We are excited to announce our new Copilot Cookbook Gallery in the Community…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 138,006

#2
RandyHayes Profile Picture

RandyHayes 76,308

#3
Pstork1 Profile Picture

Pstork1 63,059

Leaderboard

Featured topics