Impersonate another user
Impersonation is used to execute business logic (code) on behalf of another Dynamics 365 for Customer Engagement user to provide a desired feature or service using the appropriate role and object-based security of that impersonated user. This is necessary because the Dynamics 365 for Customer Engagement Web services can be called by various clients and services on behalf of a Dynamics 365 for Customer Engagement user, for example, in a workflow or custom ISV solution. Impersonation involves two different user accounts: one user account (A) is used when executing code to perform some task on behalf of another user (B).
More information can be found in the Common Data Service topic Impersonate another user.
User account (A) needs the privilege
prvActOnBehalfOfAnotherUser, which is included in the Delegate security role.
The actual set of privileges that is used to modify data is the intersection of the privileges that the Delegate role user possesses with that of the user that is being impersonated. In other words, user A is allowed to do something if and only if user A and the impersonated user (B) have the privilege necessary for the action.
Impersonate a user
Deployment specific options
Impersonation using a user account in the
PrivUserGroup in Active Directory is no longer supported in the on-premises environment. In our ongoing design enhancement of the security protocol, we developed a better and more secure impersonation method. The new method calls for using a Dynamics 365 for Customer Enagement apps user and a Dynamics 365 for Customer Engagement (on-premises) security role. With this method, the user’s privileges are managed through Dynamics 365 for Customer Engagement (on-premises) and activities are logged for the user. Please see the following table for details.
|Deployment Type||Deployment Type Strategy|
|Create a new Dynamics 365 user with a security role which includes the
Authenticate Users with Dynamics 365 Customer Engagement Web Services
Implement Single Sign-on from an ASPX Webpage or IFRAME
How Role-Based Security Can Be Used to Control Access to Entities In Dynamics 365 Customer Engagement (on-premises)
Sample: Impersonation using the ActOnBehalfOf privilege