Dynamics 365 Upgrade Issue – All users now have access to all Business Process Flows

I found an issue with the upgrade to Dynamics 365 which specifically causes issues for customers who have multiple business units and multiple business process flows.

Each business unit had their own business process flows for their sales processes. And each business unit only had access to their business process flows. Everyone was happy.

Then the Dynamics 365 upgrade occurred and users suddenly had access to all the business process flows from all business units. Obviously, this caused issues for end users who should only see their specific business process flow.

The issue was something Microsoft did by design. They changed how the security works for the Business Process Flows.

Prior to the D365 upgrade you would assign security roles to each Business Process Flow, just like you do for Forms. Simply click on the Enable Security Roles and select the roles that have access to that business process flow, as shown here:

After the D365 upgrade this button changed on the Business Process Flow form. “Enable Security Roles” was replaced by the “Edit Security Roles” button shown here:

The business process flows are now treated like an entity and security is handled the same way. If you want to grant access to a business process flow go to the security roles and set permissions on the roles that should have access. If you create a new business flow it will create a new entity in the background and you will need to set user access to this new flow via the security roles; again, just like you would do for a new custom entity.

This change gives you more granular control over the security for the business process flows. If you look at the security roles you have a new tab:

This issue only affected companies with multiple business units and multiple business process flows who were upgraded from Dynamics CRM 2016 to Dynamics 365. As part of the transition to the new security model Microsoft gave full permissions to all existing business process flows to all security roles in the system. Which explains why the users suddenly started seeing more than their one business process flow.

To fix the problem I had to go into each security role and adjust the permissions to the all the business process flows.

The good thing is that any new business process flow added after the upgrade by default has no permissions, just like when you create a new entity. So going forward this won’t be an issue.

But if you had multiple business units with multiple business process flows in place before the upgrade this could affect you.

To learn more about Dynamics 365 contact Cargas Systems, a certified Microsoft Dynamics 365 CSP offering software, services, and support that help improve your business processes.

By Dave Packard