Impersonate a user in Power Virtual Agents
In this article I am going to show you how to use impersonation in a Power Virtual Agent. In this example we show only the account records from Dynamics 365 Sales that the logged-on Sales user has access to.
Another challenge from the Power Users community 🙂
How can we restrict the access of sales users so that they can't see others' records while chatting in PVA?
Power Users Community thread: Restrict sales user form accessing records which is not shared or assigned to user.
You could use the Microsoft Dataverse Web API with an HTTP request action and set the CallerObjectId request header. Microsoft has a nice article on this called How to impersonate a user. The value to pass in that header is the Azure Active Directory (AAD) object id of the user interacting with the PVA chat bot.
Delegation for Jane Doe
Without delegation, an admin or the same HTTP request would typically show the list below.
Before you start with the Power Automate flow and the Power Virtual Agent setup, make sure you enable authentication for your Power Virtual Agent. Otherwise you cannot retrieve the user id of the person who is interacting with the bot.
Also don’t forget to register an app in Azure Active Directory; you will need it for the HTTP action in the flow. As mentioned earlier, Elaiza Benitez has written a nice blog post about this: How to authenticate as an application with Microsoft Graph API with flow.
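The impersonated request that the flow's HTTP action sends, sketched in Python as an added example (not the author's flow). It assumes a placeholder environment URL and token, API version v9.2 and a standard Markdown separator row; the user id is parsed as a GUID before it is copied into the CallerObjectId header, and the response is turned into the AccountNumber / Name table the bot displays.

```python
import json
import uuid

ORG_URL = "https://example.crm.dynamics.com"   # placeholder environment (assumption)
API_PATH = "/api/data/v9.2/accounts?$select=accountnumber,name"  # version assumed


def build_impersonated_request(app_token, bot_user_id, org_url=ORG_URL):
    """Return (url, headers) for an accounts query that runs as the chat user."""
    # The id is copied into a header, so accept nothing but a GUID and
    # re-serialise it in canonical form before use.
    try:
        caller = str(uuid.UUID(bot_user_id))
    except (ValueError, TypeError, AttributeError):
        raise ValueError("Bot.UserId is not an AAD object id") from None
    headers = {
        "Authorization": f"Bearer {app_token}",  # token of the registered app
        "CallerObjectId": caller,                # AAD object id to impersonate
        "Accept": "application/json",
        "OData-MaxVersion": "4.0",
        "OData-Version": "4.0",
    }
    return org_url + API_PATH, headers


def _cell(value):
    # Keep record data from breaking the table the bot renders.
    return str(value or "").replace("|", "\\|").replace("\n", " ")


def to_markdown_table(response_body):
    """Turn the Web API JSON into the header, separator and rows for the bot."""
    rows = json.loads(response_body).get("value", [])
    lines = ["| AccountNumber | Name |", "|---|---|"]  # separator row assumed
    lines += [f"| {_cell(r.get('accountnumber'))} | {_cell(r.get('name'))} |"
              for r in rows]
    return "\n".join(lines)


# Constructed sample: what Dataverse might return when Jane Doe is impersonated.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"accountnumber": "ACC-001", "name": "Contoso | EMEA"},
    {"accountnumber": "ACC-002", "name": "Fabrikam"},
]})

if __name__ == "__main__":
    url, headers = build_impersonated_request(
        "<app-token>", "2F1C0A9E-6B3D-4E7A-9C55-0D8E1B2A3C4D")  # constructed id
    print(url, headers["CallerObjectId"])
    print(to_markdown_table(SAMPLE_RESPONSE))
```

Dataverse honours the header only when the calling application user holds the prvActOnBehalfOfAnotherUser privilege, which is included in the Delegate security role. Pass the id from the authenticated bot session (Bot.UserId), never a value the user typed into the chat.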
The flow steps
2. Add three Initialize variable actions. Below is a table with the name, type and value for each of the variables.
|| AccountNumber | Name |
3. Add an Append to string variable action. Use the characters below as a separator between the headers and the rows of the table.
The bot steps
1. Create a new blank topic.
2. Give it a name, in this case Accounts, and add some trigger phrases; these are how you invoke the topic. Save it and go to the authoring canvas.
3. Add a Call an action node. Select the flow you created earlier. Make sure you map Bot.UserId to the UserId field of the flow.
4. Add a message action. Use the ListRecords variable in the body of the message.
Testing the final result
You can publish the bot to the Microsoft Teams channel.
After that you can test it with Jane Doe. As you can see it will only list two accounts instead of all 5 accounts.