Form Access Checker in new Power Apps Form Designer | Model-Driven Apps in Dynamics 365

Most of us have been used to using the classic form designer as of now. And the Power Apps UI which is in https://make.powerapps.com/ has some important new features.

We create forms and we then have to explicitly make sure we have assigned them correct Security Roles and added them to the Apps correctly.

So the new Power Apps Form Designer has a very useful feature called as Form Access Checker. Let’s look at it

A Form & An App

  1. Let’s say we have a custom/Unmanaged Form called as ‘Management Form’.

  2. And an App called as ‘Management App’.

  3. And it has Contact entity with 2 Forms added.

  4. And here are the 2 forms – Contact (OOB) and Management Form (Custom)

Form Access Checker

The Form Access Checker answers 2 questions at once – Let’s look at this feature

  1. Open the form and go to Form Settings.


  2. In the Form Properties, look for Form access checker.


  3. Now, select the Security Role you want to check for and then the App you want to check. The Form Checker will show the Forms which satisfy either and both the criteria.


    Now with only Salesperson role, below are the forms which are applicable. Note that the App is not yet selected.

  4. Now, if you choose the App – the Form that matches both these will be selected.

  5. And it’ll show only the Forms which are applicable to both criteria. (Notice that the form we added in the Management App didn’t show up)

  6. Now, let’s give the Management Form we added Salesperson Security Role and see it satisfy the above criteria. You can now assign Roles to a Form within the Form designer itself.

  7. And if you check again, you’ll be able to conclude that the App we are looking for has both these forms for the Security Role you want to check




Hope this helps. Here are some more Dynamics 365 related posts you might want to check out –

  1. Use Rich-Text Control for Multiple Lines of Text in Dynamics 365 CE | Quick Tip
  2. Ribbon button visibility based on a field value in Dynamics 365 | Ribbon Workbench
  3. Find deprecated JS code used in your Dynamics 365 environment | Dynamics 365 v9 JS Validator tool | XrmToolBox
  4. Make On-Demand Flow to show up in Dynamics 365 | Power Automate
  5. Track and Set Regarding are disabled for Appointments in Dynamics 365 App For Outlook message | Demystified
  6. Get GUID of the current View in Dynamics 365 CRM JS from ribbon button | Ribbon Workbench
  7. Remove ‘This Email has been blocked due to potentially harmful content.’ message in Dynamics 365 Emails | OrgDbSettings utility
  8. Find Created On date of solution components in Solution Layers | Dynamics 365 [Quick Tip]
  9. Pass Execution Context to JS Script function as a parameter from a Ribbon button in Dynamics 365 | Ribbon Workbench
  10. Dynamics 365 App For Outlook missing on SiteMap in CRM? Use shortcut link [Quick Tip]

Thank you!!

D365 PSA: Restrict Project access only to their Project Managers

Out-of-the-box PSA’s Project Manager security role provides complete access to even other Project Managers. But then, what if you want to bring down the access of the Project Managers to their own Projects only?

Remember, access in D365 PSA is provided for Owner (ownerid) field and not Project Manager (msdyn_projectmanager) field.

PSARoleRestrict

Scenario

Now, I don’t want a Project Manager to have access to others Projects and looks like this can’t be controlled from the Security Level perspective, given the Project Manager is a separate field than Owner of the Project.

So, I’ll limit the access to only the User level (the one who created the record would have the access, obviously)

PSARoleRestrict2

But this remove the access from even the Project Managers since they don’t own the Projects. To overcome this, I’ve written a simple plugin to provide access to the Project Manager whenever they are updated by Sharing and giving PMs the access.

For this, I’ve written a plugin code that will grant all permissions to the Project Manager of that Project and I would like to share this with you all to consume it.

GitHub Project

Here’s the GitHub repository I’ve created which has the plugin code and the Unmanaged Solution that contains only the plugin assembly and the registered step –

Link: D365PSA-PMAccessRights

gitProj

The D365 Unmanaged Solution resides here –

unmanagedSoln

This will work in the following scenarios –

  1. When a Project Manager is changed from Person A to Person B, the access rights of Person A will be removed and granted to Person B.
  2. You can even create a trigger field and use an on-demand workflow to set the trigger. This trigger should be included in the filtering attributes of the plugin step to update the existing records.

This will provide access to the Project Manager of the Project automatically apart from the Owner so that they see/access only Projects that concern them
accessGiven

Make sure no other security role is overriding your restricted access.

Hope this helps! 🙂

D365 Quick Tip: Can’t add members to the default Business Unit Team

I would like to share a consideration I take while designing Teams that you might need to make certain records shareable. I faced an issue once when users started to use Default Teams created on Business Units.

And after several months, it occurred that some users from other Business Units too needed to be on that Team. And several records were already assigned to BU provided Default Teams.

Scenario

  1. Priyesh belongs to Southeast Asia BU and Somesh belongs to North America BU.
  2. Some records were assigned to North America team which is the Default Team created by BU..
  3. Priyesh wanted to be in the North America Team.
    addPriyeshToNA

    So adding North America to Teams under the user Priyesh, but I get the below error
    error

That is because you cannot add Default Teams to users in some other BUs.

Workaround

As a workaround, I only created a new Team and named it “<BU Name> – Shareable” team and assigned records to this team so that I know where I want the records to be visible as per my Security Roles setup.

structure

And hence, added the North America – Shared team for Priyesh.
addedAlternative

I would also like to hear your suggestions and any workarounds you may have. Thanks! 😊