Microsoft Dynamics CRM (Archived)

CRM 2015 Impersonating as SYSTEM user in a custom workflow activity or custom action


I've gone through the following two forum threads and I learned that workflows have special conditions and are designed to ignore the GUID you pass to CreateOrganizationService.

https://social.microsoft.com/Forums/en-US/a78cf15b-835c-486c-a3f0-457825f47332/crm-2011-impersonating-a-user-in-a-custom-workflowdialog-activity

http://stackoverflow.com/questions/15982883/how-do-i-run-a-crm-2011-custom-workflow-activity-as-a-privileged-user

But currently, I am developing a custom action which requires SYSTEM user privileges to read some config data. The problem is that impersonation by passing null to CreateOrganizationService (run as SYSTEM) works if the custom workflow assembly is registered in Sandbox isolation mode, but it does not work if the isolation mode is changed to None.

Is there any particular reason (or an article about it that I can read) why the behaviour is different in different isolation modes?

Is there any way to make it work in isolation mode "None"? (I've got some actions in the code which cannot be run in Sandbox isolation mode.)

  • Stanley Lai

    Hi Linn,

    I had a similar issue in that I needed the custom workflow to modify records that the current user who is running the workflow doesn't have privileges to update.

    I had to get the GUID of the 'SYSTEM' user and then create the service from it.

    // Requires: using Microsoft.Xrm.Sdk; using Microsoft.Xrm.Sdk.Query; using Microsoft.Xrm.Sdk.Workflow;
    IWorkflowContext context = executionContext.GetExtension<IWorkflowContext>();
    IOrganizationServiceFactory serviceFactory = executionContext.GetExtension<IOrganizationServiceFactory>();
    IOrganizationService initialService = serviceFactory.CreateOrganizationService(context.UserId);
    // Override the context service with a service created as the SYSTEM user so that the workflow can perform operations the current user does not have permissions for
    IOrganizationService service = serviceFactory.CreateOrganizationService(GetSystemUserID("SYSTEM", initialService));


    // Looks up a systemuser record by full name and returns its ID
    public Guid GetSystemUserID(string name, IOrganizationService service)
    {
         QueryByAttribute queryUsers = new QueryByAttribute
         {
              EntityName = "systemuser",
              ColumnSet = new ColumnSet("systemuserid")
         };

         queryUsers.AddAttributeValue("fullname", name);
         EntityCollection retrievedUsers = service.RetrieveMultiple(queryUsers);

         // Fail with a clear error instead of an index exception when no user matches
         if (retrievedUsers.Entities.Count == 0)
         {
              throw new InvalidPluginExecutionException("No systemuser found with fullname '" + name + "'.");
         }

         return retrievedUsers.Entities[0].Id;
    }
    


    This way the workflow is running under the permissions of the 'SYSTEM' user with FULL ADMIN privileges.

    I am working in MS CRM 2015 Online Update 1.

    In my instance I tried what you tried doing by passing 'null' to create my IOrganizationService object and this DID NOT work (the workflow still ran under the current user's privileges).

    See if this works for on-prem.

  • Eric benco

    This problem only exists when the Custom Workflow Assembly is registered as full trust (aka Isolation Mode: None) and the workflow is running as a real-time process. Since you can't run full trust with CRM Online, this ONLY applies to CRM OnPrem. I confirmed that this happens on CRM 2015 & CRM 2016.

    I've also seen this happen with Custom Actions that have Custom Workflow Activities.

    I'm also looking for the reason for this.

    Workarounds:

    1) run in partial trust (aka Isolation mode: Sandbox)

    2) or run the workflow in the background

    3) or create a plugin to execute the action

  • Community Member

    Linn,

    How did you end up addressing the issue? I'd appreciate it if you could share the outcome.

    best wishes,

    harihar

  • Community Member

    Hi there,

    I had exactly the same problem and I spent some time testing and playing with various settings. Ultimately, the solution was to pass NULL to the CreateOrganizationService method; this will actually have the effect of running the crmService under the SYSTEM account. However, very important! The custom workflow activity must be registered in isolation mode (Sandbox), otherwise the code will still run under the user calling the workflow.

    Hope this helps!
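
An added example (not code from any poster in this thread): since the replies above report that `CreateOrganizationService(null)` yields SYSTEM in Sandbox but the calling user in isolation mode None, the activity can ask the server which user it is really running as and stop if impersonation did not take effect. The class name `VerifySystemContext` is hypothetical; the SDK types come from Microsoft.Xrm.Sdk and Microsoft.Crm.Sdk.Messages.

```csharp
using System;
using System.Activities;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Workflow;

// Hypothetical activity name; added example, not code from the thread.
public sealed class VerifySystemContext : CodeActivity
{
    protected override void Execute(CodeActivityContext executionContext)
    {
        var context = executionContext.GetExtension<IWorkflowContext>();
        var factory = executionContext.GetExtension<IOrganizationServiceFactory>();
        var tracing = executionContext.GetExtension<ITracingService>();

        // null is the value the thread reports as "run as SYSTEM".
        IOrganizationService systemService = factory.CreateOrganizationService(null);

        // Ask the server which user this service actually executes as,
        // instead of assuming the requested identity was honoured.
        var whoAmI = (WhoAmIResponse)systemService.Execute(new WhoAmIRequest());
        Guid effectiveUser = whoAmI.UserId;

        // IsolationMode: 1 = None (full trust), 2 = Sandbox.
        // Mode: 0 = synchronous (real-time), 1 = asynchronous (background).
        tracing.Trace(
            "IsolationMode={0} Mode={1} ContextUser={2} Initiator={3} EffectiveUser={4}",
            context.IsolationMode, context.Mode,
            context.UserId, context.InitiatingUserId, effectiveUser);

        // Fail closed: if the service still runs as the workflow's context
        // user, later calls would hit that user's privileges, not SYSTEM's.
        // Caveat: this also trips when the context user is SYSTEM itself.
        if (effectiveUser == context.UserId)
        {
            throw new InvalidPluginExecutionException(
                "Service is running as the context user, not SYSTEM. " +
                "Check the assembly isolation mode and the workflow execution mode.");
        }

        // Keep privileged work narrow: use systemService only for the reads
        // that need it, and a context.UserId service for everything else.
    }
}
```

The trace line records the isolation mode and execution mode next to the effective user, which makes the full-trust, real-time case described in the thread visible in the plug-in trace log.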

  • Community Member

    Hi Lopez, thank you for sharing how you resolved the issue. Thank you -harihar
