A flow adds a record to Dataverse; the record owner is set as the Flow execution service account.
Attempting to change, or set the owner to a user ID, only works if that user's AD privilege is already reflected in the AAD Team.
This can be forced if they use an app to add a record in the environment. I have now isolated the problem so it can be repeated.
Is there any way the user name can be forced from AD into the AAD team without them doing any Dataverse activity?
OR a way to override the default owner ID currently set as the Flow execution account.
Two attachments both show the initial successful record add to 'D003 Engagements'.
One fails as the 'T&S Power Apps' ID (which IS present in AD) has not been reflected in the Team group.
The same flow runs okay if the 'T&S Power Apps' ID is present in the Team group, as occurs if the user has used a screen App to add a record.
The owner setting is vital as users can only see the records they own. Desperate to fix as deploy pending to 300 users!
Cheers, Richard
[View:/cfs-file/__key/communityserver-discussions-components-files/117/PAD_2D00_23NOV22_2D00_123101_2D00_add_2D00_engagement_2D00_owner_2D00_change_2D00_succeed.txt][View:/cfs-file/__key/communityserver-discussions-components-files/117/PAD_2D00_23NOV22_2D00_122915_2D00_add_2D00_engagement_2D00_owner_2D00_change_2D00_fail.txt]
Happy to share the entire flow, it has been built based on issues with the production flow so only a few steps.
I will do next.
For now, how would you do the validation from Automate? I couldn't find a way.
Second. How would you 'add' to the team which is aligned with AD?
Cheers, Richard
Could you share part of your flow? What you can try is to add a validation to check if the user is part of the team. If it is, continue with the record owner change. Otherwise add it to the team and then continue with the record owner change.
Hi Luis,
Thanks for trying but it is not that straightforward.
User T&S Power Apps is in the AD group, aligned to the AAD teams group, which is aligned to a custom role on Engagements which has Owner restricted Read/Write.
When T&S Power Apps user can be 'seen' as surfaced in the AAD Group Screen then the Flow to change owner to them is successful.
If T&S Power Apps user cannot be 'seen' as they have not initiated a file access activity as a user then the Flow fails.
So you cannot manually reset the owner unless that can be seen in the AAD team Group.
The flow has been coded to prove this and it is repeatable.
1. Delete the AAD Team group name entry and the Flow fails.
2. Get T&S to add a record manually, so their name appears in the AAD Group and the Flow then works.
1&2 can be run and rerun, same issue.
Any thoughts please, cheers, Richard
Hello,
Do you have an additional process triggering?
On both requests the owner being set is a4796a5b-1961-ed11-9561-000d3adf70c0 which is "-svc-GOCS-ETHCO-PAD -svc-GOCS-ETHCO-PAD"
But the successful response is showing a8090e9b-0ace-eb11-bacc-000d3ab03cb4 (T&S Power Apps T&S Power Apps) as the owner.
Just being in the AD group will not give them the permissions they need. What security roles does "T&S Power Apps T&S Power Apps" have when this fails?
Could it be that you have a process to add them to the group when they add a record from the app? If so, should you validate that too in your flow?
You can manually set the owner of the record. You have to open the create action in the flow, look for the Owner column and enter the GUID that you want, like this: "systemusers/userGUID" or "systemusers(userGUID)".