I'm currently developing a POC for a client to prevent end users from using third-party browser extensions to impersonate themselves and perform actions that they are not supposed to.
In order to achieve this, our plan is to remove from their security roles the privilege prvActOnBehalfOfAnotherUser.
We have done some testing and it works, at least for "Level Up for Dynamics 365/Power Apps", the most used one.
My worry from here is possible collateral damage. It seems that real-time workflows, when set to be executed as the owner of the workflow,
are being executed as the owner BUT on behalf of the triggering user, as can be seen in the Audit History.
It becomes weirder as real-time workflows seem to be working properly when the privilege is not granted for the triggering user.
My question is: is the triggering user really acting on behalf of the owner, and if so, do they not need the privilege for this specific scenario?
Can I go further with the POC without worrying about this possible downside?
Thanks!