Check user permissions/roles in Copilot Studio in D365F&O
Subhad365
19
User Group Leader
Like
Share
ReportYou have created a Copilot Topic that is capable of creating Sales Orders, using Copilot Sidecar. But wait. Want to check if the associate who is creating the sales orders using Copilot, is at all, entitled to do so? Does he have the necessary role assigned to him? And how do you think, could you check that? Of course, one possible way is to create a X++ Plugin to check the same and call it in Copilot Studio topic, but hang on! 😊
I have another cool way to do the same, without writing any code. It’s just comparing between
It's fun, fast and easy.
Interested? Please read along the mentioned steps.
By the way this user is just a system user, and doesn’t have any right to create anything, leave alone creating sales orders or customer:
And the response that I am getting from the Copilot is:
Now let me assign the necessary rights back to the user:
Now let me try to reload the page of the user and let him ask the same question: Can I create a customer? To which the system responds like this:
Not only the system says that yes, you can – but also it’s prompting you to create a customer.
Let me now run you through the steps to implement this.
Keep adding as many triggering phases you want, to make the topic much more intuitive.
Define a string variable called ‘NecessaryRolesNeeded’ and it’s a conglomeration of all the roles that are needed for creating sales orders/customer:
Where you are concatenating all the roles that are needed by the following formula:
Concatenate(“Role1”, “,”, “Role2”, “,”, “Role3”, “,”, “Role4”…and so on)
This you can hardcode (which is not at all a bad idea, as for a given functionality we always know which/what are the roles we would need).
And then I am getting the rights/roles of the logged user as a Table variable by calling:
Global.PA_Copilot_ServerForm_UserContext.securityRoles
Which would give you back a table of user roles like this: [“Role1”, “Role2”…and so on]. Note that it’s a table, not a string variable – and hence consequently it needs to be parsed. Hence, we are declaring a variable called ‘UserAssignedRoles’ and it has the following code:
Using Concat, we are stripping out the values of the table values, in comma separated answers, instead of arrays.
Where UserRoles and SystemRoles are two variables which I have defined in the prompt, that looks like:
We are asking the prompt to compare these two lists and if any match found, answer in Yes, else No.
I am storing the outcome in a Record variable called ‘Result’ and I am using the text part of this Result in the below step to evaluate if the user has access or not:
And you guessed it right: if it’s Yes, then the Copilot sends a message saying that: yes, you have the right, and you can embed a Quick reply like this:
This is where I am calling in the Topic to create the customer: ‘Create a customer’. This topic I already have created, and hence when the user is going to click on this hyperlink, it says:
Whereby you can continue with giving further instructions to create the customer, thereby.
And then calling this topic from the main topic like this:
The above figure shows how can you call the Role-checker topic from the Customer creation topic and coming back with an answer: Yes or No. If Yes, it will allow the user to create the Customer, else if will stop the user there itself.
I have another cool way to do the same, without writing any code. It’s just comparing between
It's fun, fast and easy.
Interested? Please read along the mentioned steps.
What am I trying to do
I am creating a new topic that lets the user ask:By the way this user is just a system user, and doesn’t have any right to create anything, leave alone creating sales orders or customer:
And the response that I am getting from the Copilot is:
Now let me assign the necessary rights back to the user:
Now let me try to reload the page of the user and let him ask the same question: Can I create a customer? To which the system responds like this:
Not only the system says that yes, you can – but also it’s prompting you to create a customer.
Let me now run you through the steps to implement this.
Step 1
Let us begin with creating a topic like this:Keep adding as many triggering phases you want, to make the topic much more intuitive.
Define a string variable called ‘NecessaryRolesNeeded’ and it’s a conglomeration of all the roles that are needed for creating sales orders/customer:
Where you are concatenating all the roles that are needed by the following formula:
Concatenate(“Role1”, “,”, “Role2”, “,”, “Role3”, “,”, “Role4”…and so on)
This you can hardcode (which is not at all a bad idea, as for a given functionality we always know which/what are the roles we would need).
And then I am getting the rights/roles of the logged user as a Table variable by calling:
Global.PA_Copilot_ServerForm_UserContext.securityRoles
Which would give you back a table of user roles like this: [“Role1”, “Role2”…and so on]. Note that it’s a table, not a string variable – and hence consequently it needs to be parsed. Hence, we are declaring a variable called ‘UserAssignedRoles’ and it has the following code:
Using Concat, we are stripping out the values of the table values, in comma separated answers, instead of arrays.
Step 2
Next we are going to compare the user roles with the necessary roles. For that let me define a prompt like this:Where UserRoles and SystemRoles are two variables which I have defined in the prompt, that looks like:
We are asking the prompt to compare these two lists and if any match found, answer in Yes, else No.
Step 3
And I am calling this prompt from the Copilot and passing on the variables from the above steps like this:I am storing the outcome in a Record variable called ‘Result’ and I am using the text part of this Result in the below step to evaluate if the user has access or not:
And you guessed it right: if it’s Yes, then the Copilot sends a message saying that: yes, you have the right, and you can embed a Quick reply like this:
This is where I am calling in the Topic to create the customer: ‘Create a customer’. This topic I already have created, and hence when the user is going to click on this hyperlink, it says:
Whereby you can continue with giving further instructions to create the customer, thereby.
Alternative approach
Alternately you can also call the above mentioned Topic from another topic and check if the user has access or not. Suppose in the sales order creation topic, you can call this topic and get back the answer by declaring the Result variable as a Returnable variable:And then calling this topic from the main topic like this:
The above figure shows how can you call the Role-checker topic from the Customer creation topic and coming back with an answer: Yes or No. If Yes, it will allow the user to create the Customer, else if will stop the user there itself.
*This post is locked for comments