Security Role Privilege Example – Append To

Consider the situation where an email needs to be sent from one business unit within an organisation to another business unit within the same organisation. In this example, Contoso Marketing and Contoso Sales represent the two business units. Also, for simplicity, each business unit is represented by a queue with an associated email alias.

When the email is generated, the two queues need to be appended to the ‘From’ and ‘To’ fields of the email.

Scenario 1

John Smith (who is within the ‘Contoso Marketing’ Business Unit) owns both queues. (In reality, he wouldn’t own the Contoso Sales queue, but it’s been set up like this for the example.)

John Smith is assigned the security role ‘Sales Manager’. For this role, the ‘read’ and the ‘append to’ privileges are set to the User access level.

Based on this configuration, when John logs into Dynamics 365 and triggers the workflow (that contains a ‘Send email’ step), both queues are successfully appended to the email.

Scenario 2

Now consider the situation where the owner of the Contoso Sales queue is changed to Jane Doe, who is within the Contoso Sales business unit. When the workflow tries (and fails) to generate the email, the following dialog box is displayed to the logged-in user (i.e. John Smith).

Within the workflow (that calls the ‘Send email’ action), the following error is generated.

The details of the error message are as follows:

  • Error Code = -2147187962
  • Object Id => the Contoso Sales queue
  • Owner Id => Jane Doe
  • Calling User => John Smith
  • Calling Business Id => Contoso Marketing
  • Object Type Code: 2020 => Queue
  • Object Business Unit Id => Contoso Sales

This means that, because the queue is now owned by another person in another business unit, the security role access levels need to be increased to the Organization level. John will then again be able to associate the Contoso Sales queue with the email.
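The access-level reasoning behind the two scenarios can be traced with a small model. This is an added example, not Dynamics 365 code: it is a simplified evaluation of one privilege that ignores sharing and team ownership, and the parent business unit ‘Contoso’ is an assumption, since the page does not show the hierarchy.

```python
# Simplified model of Dynamics 365 access-level evaluation for one privilege
# (for example 'append to'). Sharing and team ownership are ignored.
from enum import IntEnum

class Depth(IntEnum):
    NONE = 0
    USER = 1            # records the caller owns
    BUSINESS_UNIT = 2   # records owned within the caller's business unit
    PARENT_CHILD = 3    # caller's business unit and its child business units
    ORGANIZATION = 4    # every record in the organisation

# Assumed hierarchy (child -> parent); the root 'Contoso' is hypothetical.
PARENT = {"Contoso Marketing": "Contoso", "Contoso Sales": "Contoso", "Contoso": None}
USER_BU = {"John Smith": "Contoso Marketing", "Jane Doe": "Contoso Sales"}

def is_same_or_descendant(bu, ancestor):
    """True if bu is ancestor itself or sits below it in the hierarchy."""
    while bu is not None:
        if bu == ancestor:
            return True
        bu = PARENT[bu]
    return False

def has_access(caller, owner, depth):
    """Does the privilege at this depth let caller act on owner's record?"""
    caller_bu, owner_bu = USER_BU[caller], USER_BU[owner]
    if depth == Depth.ORGANIZATION:
        return True
    if depth == Depth.PARENT_CHILD:
        return is_same_or_descendant(owner_bu, caller_bu)
    if depth == Depth.BUSINESS_UNIT:
        return owner_bu == caller_bu
    if depth == Depth.USER:
        return owner == caller
    return False

def minimum_depth(caller, owner):
    """Lowest access level at which caller reaches owner's record."""
    return next(d for d in Depth if has_access(caller, owner, d))

if __name__ == "__main__":
    for owner in ("John Smith", "Jane Doe"):  # Scenario 1, then Scenario 2
        print(owner, "owns the Contoso Sales queue ->",
              "User level ok:", has_access("John Smith", owner, Depth.USER),
              "| minimum:", minimum_depth("John Smith", owner).name)
```

Under the assumed hierarchy the two business units are siblings, so neither the Business Unit nor the Parent: Child level reaches Jane Doe’s queue, which matches the page’s conclusion that the Organization level is needed.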

Btw I just thought to include the following screenshot as this is the error generated when the destination queue doesn’t have an email alias listed.