Tip #842: Strange security results? Check teams

I created two dashboards and assigned each one to a different security role. However, users without the roles assigned to the dashboards are seeing both dashboards. What’s going on?

Whenever I come across an unexplainable security test result in Dynamics 365, the first thing I do is check the teams assigned to the users in question. In most cases, the unexpected result is caused by user being a member of a team that has a security role that grants the user access to application components to which their user roles do not.


  • Don’t use the same roles for team security and user security.
  • Limit the team role permissions to only the privileges needed by the team.
  • Consider separating the roles used by users and teams from the roles used to grant access to role based forms and dashboards–this will prevent unintentional sharing of the role based components with users and teams that should not see them.
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #840: Shared personal views and charts on mobile

One of the limitations of the Dynamics 365 (and 2016) mobile app is personal charts and views shared with another user do not display in that user’s mobile app. Saved personal views and charts that I own (or that a team on which I’m a member owns) do display in the mobile app.

As a workaround, if you have personal views or charts that you want to be available on mobile for a group of people, instead of sharing the views and charts with them, create a team, add all of the people to the team, and assign the personal views and charts to the team. That will make these items available on the team members’ mobile devices. And don’t forget to add yourself to the team, otherwise you will lose access to your views and charts.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #839: Convert workflow into action

HomeomorphismMy friend Mehmet “Sputnik” Ozdemir is insane. When he asked me how to convert a long and tedious workflow into an action, instead of painstakingly reproducing it step-by-step, I told him that it’s not possible, he’s dreaming and the only sensible thing to do is to call that workflow from the newly minted action.

Did I mention he’s insane? Because he managed to come up with the instructions on how to convert a workflow into an action. Sounds too good to be true? Well, actually it does work every time in 83% of the cases. Readers digest version:

  • Start with a realtime workflow. Convert an asynchronous into a realtime. Less chances of failure.
  • Backup the orgs
  • Create a temp solution (let’s call it: Workflow To Action Conversion)
  • Add the existing Workflow that you want to convert to an action into this solution (eg: Generate Sales Metrics)
  • Create an empty action in the temp solution (eg: Generate Sales Metrics Action)
  • Export the solution (WorkflowToActionConversion.zip)
  • Extract WorkflowToActionConversion.zip and browse to Workflow folder
  • If everything has gone to plan you should have two files in here that correspond the workflow and the empty action. Open both *.xaml files into a tabbed editor (I like Notepad++)
  • In the Action*.xaml file search for: <mva:VisualBasic.Settings>Assembly references and imported namespaces for internal implementation</mva:VisualBasic.Settings>
    Select this line and everything below it and replace it with the same section from the Workflow*.xaml file. Save the Action*.xaml file.
  • Put the Action*.xaml file back into the WorkflowToActionConversion.zip
  • Import the WorkflowToActionConversion.zip
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #838: Fantasy Sales Team vs. Gamification

When looking at solutions available for my Dynamics 365 organization, I saw that there were two solutions available for Gamification. “Fantasy Sales Team” and “Gamification.”

So what is the difference between these solutions? Does “Gamification” include all of the functionality in Fantasy Sales Team?

Scott Durow to the rescue:

FST was essentially a preview and should no longer be used – Gamification replaces FST and is fully supported. There are some nice UI improvements but the biggest thing for me is that logins are now controlled using O365 rather than a separate username/password.

Other reasons to use the new Gamification solution:

  • Total players (sum of all games): From 250 in FST to 15 Simultaneous Games with 500 players each in Gamification
  • Expanded Roles:  From a user being locked into a Player or Fan role to determining the role by game (e.g. Player in one game, fan in another)
  • KPI Manager Role in CRM:  The ability for a non-admin user (e.g. Sales Manager) to create KPIs
  • Default KPIs: 10 default KPIs to get from install to first game in minutes
  • Quick Setup: From install to active in minutes rather than the 24-48 delay in FST
  • Enabling Public Stream in StreamTV
  • Upgraded User Interface including responsive UI for mobile devices
  • Single Sign On with Office 365 / Dynamics 365
  • Multi Language Support
Tweet about this on TwitterShare on FacebookShare on Google+

Tip #837: How to find out what’s new in portals

Wanted to know what’s in the latest Microsoft Portals release but were afraid to ask? Fear no more and point your browser to a kb article Portal Capabilities for Microsoft Dynamics 365 Releases.

Now we only need to pursuade the other teams like Field Services and PSA to do the same.

And I’m out of words at this point – that must be my shortest tip ever.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #836: Where are my mobile stacked components?

My production CRM Online environment was upgraded to Dynamics 365 last week, and I was very excited to use the new stacked UI on mobile. If you haven’t heard, Dynamics 365 mobile will now display multiple dashboard charts on the same screen in mobile, reducing the amount of left/right swiping users must do when viewing dashboards on mobile.

IMG_0992However, when I logged in the next morning after my upgrade, I still saw the old “one chart per screen” view. What gives?

Turns out that when the mobile app is connected to a CRM 2016 environment that is upgraded, the new “compact” view is disabled by default.

Here’s how to enable it:

  • Click the home button to go to the start screen.
  • Tap the (…) button in the lower right corner.
  • Tap Settings.
  • Tap “Contact View.”
  • Toggle “Stacked Components” to Enable
  • Click OK.

You will now enjoy a more productive, less “swipey” Dynamics mobile experience.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #835: “Owner equals current user” in Microsoft Flow

On the most recent episode of CRM Audio we discuss using Microsoft Flow to create a task in Wunderlist when a task is assigned to me in Dynamics 365. On the surface, this looks like an easy process. Have a flow triggered when a task is created in Dynamics, have a condition that ownerid=me, and then create the task.

After trying this and failing miserably, I knew something was missing. I tried “ownerid = Joel Lindstrom” and “ownerid = [my user id GUID in CRM]”, and neither would work.

Thanks to a helpful example from David Yack, I learned the error of my ways.

Instead of specifying the ID of the user, the follow approach will actually work.

  • When a task is created.
  • Add a step to get current user’s O365 profile.
  • Add a step to get the CRM user record of the task owner in Dynamics
  • Add a condition to compare an attribute of the user record with the same field on the O365 user profile. In this example I used primary email address.
  • If they match, create your task.


Though this is a few more steps than my original failed attempt, it is actually better, as it doesn’t hard code the user name or ID.

Tweet about this on TwitterShare on FacebookShare on Google+

Tip #834: Avoiding SQL Server timeouts when deleting records

Once upon a time, CRM wouldn’t delete records when you pressed the kill switch. It would mark the records for deletion and quietly eradicate them in the darkness of the night. But, hey, the said, we now have better servers, they said, and our SQL Servers are much smarter, they said, and gave us a real delete bullet to go with every button push.

It all works well until you have a large number of child records that need to be deleted alongside with the parent and a large number of the relationships that need to be cleared up. Then you may get the evil “SQL Server Timeout” error. While most of the timeout errors are outside of your control, and generally difficult to isolate, timeouts during the deletes can be dealt with.

  1. Find out the relatinship(s) that is causing all the drama. You can make an educated guess by looking at number of the related records and then doing some dry runs to see if you can summon the SQL Server Timeout error.
  2. Create a new status reason for the record, something like Pending Delete.
  3. Instead of deleting the record, set its status to Pending Delete. You can do it by replacing Delete button with something like Submit for Delete that would run a simple script setting the status of the record. Use Ribbon Workbench, naturally, to create the button. Alternatively, just tell users to set status reason to Pending Delete.
  4. Create a recurrent batch delete job that finds and deletes related records where parent has that magic status. This is what the job might look like for the Invoice Products (yes, I was part of the implementation where invoices frequently contained 3-5 thousand line items). Canceled status is used instead of Pending Delete in this instance.Bulk delete invoice details
  5. Follow that with another recurrent batch delete job that deletes Pending Delete records that do not have any related records. I know, it’s a big ask (suggested merely 6 years ago). You can try manually creating a view with NOT IN clause (using XrmToolbox, for example) and then using that view as a base for the bulk delete job. It may or may not work so you can cheat the system by only deleting the parent records that were modified before yesterday. Or create a rollup field counting children and only delete parents where this field is zero. Or something else.

Seal of approvalThe outcome is a reliable record deletion system that avoids the timeouts and gives back control to the user almost instantly. Win-win.

Tweet about this on TwitterShare on FacebookShare on Google+