Impersonate another user
Applies to Dynamics 365 for Customer Engagement apps version 9.x
Impersonation is used to execute business logic (code) on behalf of another Dynamics 365 for Customer Engagement apps user to provide a desired feature or service using the appropriate role and object-based security of that impersonated user. This is necessary because the Dynamics 365 for Customer Engagement Web services can be called by various clients and services on behalf of a Dynamics 365 for Customer Engagement apps user, for example, in a workflow or custom ISV solution. Impersonation involves two different user accounts: one user account (A) is used when executing code to perform some task on behalf of another user (B).
User account (A) needs the privilege prvActOnBehalfOfAnotherUser, which is included in the Delegate security role.
The actual set of privileges that is used to modify data is the intersection of the privileges that the Delegate role user possesses with that of the user that is being impersonated. In other words, user A is allowed to do something if and only if user A and the impersonated user (B) have the privilege necessary for the action.
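The rule above can be modeled as a small authorization check. This is an added example, not code from the Dynamics 365 SDK or from this documentation; the function names and the sample privilege sets (prvReadAccount, prvCreateAccount, prvDeleteAccount) are constructed for illustration, and only prvActOnBehalfOfAnotherUser is taken from this page.

```python
# Added illustration: a model of the effective-privilege rule, not the Dynamics 365 SDK.
ACT_ON_BEHALF = "prvActOnBehalfOfAnotherUser"  # privilege named on this page


class ImpersonationDenied(Exception):
    """Raised when the calling account may not act on behalf of another user."""


def effective_privileges(caller_privs, impersonated_privs=None):
    """Return the privilege set a request runs with.

    caller_privs: privileges of account A (the account executing the code).
    impersonated_privs: privileges of user B, or None when A acts as itself.
    """
    caller = frozenset(caller_privs)
    if impersonated_privs is None:
        return caller  # no impersonation: A's own privileges apply
    if ACT_ON_BEHALF not in caller:
        raise ImpersonationDenied(f"caller lacks {ACT_ON_BEHALF}")
    # Intersection: neither A's nor B's extra privileges carry over.
    return caller & frozenset(impersonated_privs)


def is_allowed(privilege, caller_privs, impersonated_privs=None):
    """True only if the action is permitted under the rule above."""
    try:
        return privilege in effective_privileges(caller_privs, impersonated_privs)
    except ImpersonationDenied:
        return False


def unusable_for_impersonation(caller_privs, impersonated_privs):
    """Privileges B holds that A cannot exercise on B's behalf.

    Useful when reviewing the role assigned to account A: anything listed
    here fails under impersonation even though B could do it directly.
    """
    return frozenset(impersonated_privs) - frozenset(caller_privs)


# Constructed sample privilege sets (hypothetical role contents).
SERVICE_A = {ACT_ON_BEHALF, "prvReadAccount", "prvCreateAccount"}
USER_B = {"prvReadAccount", "prvDeleteAccount"}
PLAIN_USER = {"prvReadAccount", "prvCreateAccount"}  # no Delegate role

if __name__ == "__main__":
    print(sorted(effective_privileges(SERVICE_A, USER_B)))
    print(sorted(unusable_for_impersonation(SERVICE_A, USER_B)))
```
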
Impersonate a user
Deployment specific options
Impersonation using a user account in the PrivUserGroup in Active Directory is no longer supported in the on-premises environment. In our ongoing design enhancement of the security protocol, we developed a better and more secure impersonation method. The new method calls for using a Dynamics 365 for Customer Engagement apps user and a Dynamics 365 for Customer Engagement apps security role. With this method, the user's privileges are managed through Dynamics 365 for Customer Engagement apps and activities are logged for the user. Please see the following table for details.
|Deployment Type||Deployment Type Strategy|
|Online||- Use the special application user described in Build web applications using Server-to-Server (S2S) authentication to control the privileges that the Dynamics 365 for Customer Engagement apps user has access to.
- Grant the application user a security role that includes privileges for the tasks this user will perform on behalf of other users and the
|Create a new Dynamics 365 user with a security role which includes the
Authenticate Users with Dynamics 365 for Customer Engagement Web Services
Implement Single Sign-on from an ASPX Webpage or IFRAME
How Role-Based Security Can Be Used to Control Access to Entities In Dynamics 365 for Customer Engagement apps
Sample: Impersonation using the ActOnBehalfOf privilege