![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-in-dynamics-365.png\")
<\/p>\n<\/p>\n
In Dynamics, managing access to sensitive data is handled through security measures such as role-based permissions. Security roles and access management play a significant role in ensuring that the right individuals have access to the appropriate information. To grant access to particular records, users with Share permissions typically navigate to the respective record and click on the “Share” button as shown below.<\/p>\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-1.png\")
<\/p>\n
A common scenario arises when a sales manager needs to grant specific record access to a salesperson who doesn’t have the necessary permissions. The changes made by the sales manager may leave the salesperson unaware of their newly granted access, potentially leading to a loss in productivity. To resolve this issue, we can use access triggers introduced in Power Automate. These triggers activate whenever there is a change in user access for a particular record.<\/p>\n
To improve this process, we can automate it by sending access notifications through email messages. By setting up a Power Automate flow, we can establish a notification system that triggers whenever access is granted, modified, or revoked for a particular user regarding specific records.<\/p>\n
In this blog, we will utilize the example of a sales manager granting\/modifying\/revoking the permission of a salesperson in a lead record. To achieve this, we will need to create three different Power Automate flows, each of which is explained below.<\/p>\n
The GrantAccess<\/strong> action is triggered whenever full access, including Read, Write, Append, Append To, Delete, Share, and Assign permissions, is granted to the user for a specific record.<\/p>\n Let\u2019s see how we can create a Power Automate flow for that:<\/p>\n Step 1:<\/strong> Create a Power Automate flow and select the trigger point as \u201cWhen an action is performed<\/strong>\u201d. Select the Catalog<\/strong> and Category<\/strong> as All<\/strong>, and Table<\/strong> as Lead<\/strong>. Select the Action name<\/strong> as GrantAccess<\/strong>.<\/p>\n Initialize the AccessMask<\/strong> and leadID<\/strong> Variable by clicking on add action and searching for initialize variable<\/strong>. Set the value for each variable as shown below:<\/p>\n Step 2<\/strong>: Validate the above variable values and retrieve Lead, Access Modified User, and Target User Information by using the Get a Row By ID<\/strong> action in Microsoft Dataverse connector as shown below:<\/p>\n Step 3:<\/strong> As we have retrieved all the necessary details, we can now send an email to the user informing them that they have full access to the record, as shown below. To send the email, we are using the Outlook connector. Essentially\u00a0press\u00a0on “Include\u00a0an\u00a0activity”<\/strong> and\u00a0look\u00a0for “Send an\u00a0e-mail,”<\/strong> as\u00a0illustrated\u00a0underneath.<\/p>\n Now, enter the To<\/strong> as the primary email address of the target user and the Subject<\/strong> and Body<\/strong> as shown below.<\/p>\n This flow triggers whenever specific access i.e. Read, Write, etc. is granted or revoked for a particular user under specific records.<\/p>\n When we look at the JSON output of the trigger action from the power automate, we can see the AccessMask in JSON data, which is the addition of all access values which has been given to the user as shown below.<\/p>\n Following are the access values for all permissions:<\/p>\n Let\u2019s say if we give a user Read and Write access, the AccessMask value will be 3. To check if the user has any specific permissions, we can use a basic calculation. First, divide the AccessMask value by the permission value (either Read or Write shown above). At that point, apply the modulo operation by 2 (which is nothing but the leftover portion returned after isolating by 2). If the remainder is 1 or greater than 1, the permission is granted. If the remainder is 0, the permission is not granted.<\/p>\n Imagine you have a user with Read and Write access, you would get the Access Mask as 3. Here’s how you can identify if specific permissions (Read or Write) are granted to the user.<\/p>\n To check if each permission is granted, follow these steps:<\/p>\n For Read Permission:<\/strong><\/p>\n 1. Divide the Access Mask Value by the Read Permission Value:<\/p>\n 2. Apply the Modulo Operation (remainder when divided by 2):<\/p>\n 3. Interpret the Result:<\/p>\n For Write Permission:<\/strong><\/p>\n 1. Divide the Access Mask Value by the Write Permission Value:<\/p>\n 2. Apply the Modulo Operation (remainder when divided by 2):<\/p>\n 3. Interpret the Result:<\/p>\n So, in this case, both Read and Write permissions are granted to the user based on the calculated values. This process helps us determine whether specific access permissions are granted or not for a given Access Mask value. Let’s implement this in the Power Automate and see how we can check if the permission is granted or not.<\/p>\n Step 1<\/strong>: The triggered step and variable declaration will be the same as we have used in Step 1 of GrantAccess <\/strong>flow; the only change is that the action name will be ModifyAccess<\/strong>.<\/p>\n Step 2<\/strong>: Initialize boolean variables for all access permissions and set the respective expressions as shown below:<\/p>\n IsReadPermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 1), 2), 1), true, false)<\/p>\n IsWritePermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 2), 2), 1), true, false)<\/p>\n IsAppendPermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 4), 2), 1), true, false)<\/p>\n IsAppendToPermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 16), 2), 1), true, false)<\/p>\n IsDeletePermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 65536), 2), 1), true, false)<\/p>\n IsSharePermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 262144), 2), 1), true, false)<\/p>\n IsAssignPermissionGranted = if(equals(mod(div(variables(‘AccessMask’), 524288), 2), 1), true, false)<\/p>\n Step 3<\/strong>: Now we have all permission values as Boolean. We can check if the value is true, and then the access is granted; otherwise, the access is revoked as shown below:<\/p>\n This flow triggers whenever all access of the user has been removed from the specific record.<\/p>\n The flow is almost similar to the Grant Access flow<\/strong>, apart from some modifications mentioned below:<\/p>\n By following the steps for creating Power Automate flows to notify users about access changes, organizations can not only improve productivity but also strengthen security measures by maintaining clear visibility and control over data access. <\/p>\n <\/p>\n <\/p>\n <\/p>\n About Sam Kumar<\/strong><\/p>\n Sam Kumar is the Vice President of Marketing at Inogic, a Microsoft Gold ISV Partner renowned for its innovative apps for Dynamics 365 CRM and Power Apps. With a rich history in Dynamics 365 and Power Platform development, Sam leads a team of certified CRM developers dedicated to pioneering cutting-edge technologies with Copilot and Azure AI the latest additions. Passionate about transforming the CRM industry, Sam\u2019s insights and leadership drive Inogic\u2019s mission to change the \u201cDynamics\u201d of CRM.<\/p>\n More about\u00a0Sam Kumar<\/a><\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" In Dynamics, managing access to sensitive data is handled through security measures such as role-based permissions. Security roles and access management play a significant role in ensuring that the right individuals have access to the appropriate information. To grant access to particular records, users with Share permissions typically navigate to the respective record and click\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[16,1985],"tags":[1989],"class_list":["post-38419","post","type-post","status-publish","format-standard","hentry","category-dynamics-365","category-power-automate","tag-power-automate-flows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/38419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/comments?post=38419"}],"version-history":[{"count":0,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/38419\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/media?parent=38419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/categories?post=38419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/tags?post=38419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-2.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-3.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-4.png\")
<\/p>\n\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-5-e1718779159404.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-6.png\")
<\/p>\n\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-7.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-8.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-9.png\")
<\/p>\n2. Notify the user when Access is Modified for Lead records:<\/strong><\/h2>\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-10.png\")
<\/p>\n![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-11.png\")
<\/p>\n\n
\n
\n
Step-by-Step Calculation<\/strong><\/h4>\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows12.png\")
<\/p>\n\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows-13.png\")
<\/h2>\n3. Notify the user when Access is Revoked for Lead records:<\/strong><\/h2>\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows14.png\")
<\/p>\n\n
![\"Access](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2024\/06\/Access-Management-using-Power-Automate-Flows15.png\")
<\/h2>\nConclusion:<\/strong><\/h2>\n
![\"\"](\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2023\/08\/Want-to-Find-More-Effective-Ways-to-Chat-collaborate.gif\")
<\/a><\/p>\n