I’d built numerous Microsoft CRM Workflows since Microsoft CRM v1.0. In my mind – Microsoft CRM Workflow would be the ideal design approach to use if it can meet the automation requirement. During a recent Microsoft CRM System Administrator training, I had an opportunity to discuss about the Microsoft Workflow Scope and Security settings. Here are the details:
Under the Microsoft Dynamics CRM Security Role, Customization tab, there is a "Workflow" entity to set security privileges on. This setting controls the Workflow privileges for CRM Users assigned to this security role. For example – if the user can only "Read" Workflow (1/4 filled circle) – then the user can only view Workflow(s) where the user is the "owner" of the Workflow(s). This impacts the "On Demand" Workflows that are available to the user – the user can only manually run Workflow(s) that he or she can view. From a security perspective, a Workflow record (Workflow Rule) behaves like any other CRM record.
What about "Automatic Workflows Scope"? The funny thing is that this also behaves like a security setting – the scope setting is tied to the Workflow’s owner. For example – if the Automatic Workflow scope is "User" – only the CRM records owned by the Workflow’s Owner will be triggered if it meets the Workflow’s automatic condition. If the setting is "Organization" – any CRM records could trigger the Workflow if they meet the Workflow’s automatic condition.
The primary difference between an "On demand" setting vs. "Automatic" workflows is that "On demand" is performed by the CRM user that manually invoked the workflow vs. "Automatic" where it is the Workflow’s Owner performing the action upon triggered. Either way, the Microsoft CRM security privileges are enforced.
Note: Be sure that the published CRM Workflows’ owners (CRM users) accounts are enabled and have the proper security privileges to carry out the automatic workflow processes. If the workflow’s owner is disabled or does not have the sufficient security privileges then the workflow will encounter access error upon automatic triggered.
A creative approach to setup a Microsoft CRM Workflow so that it is only available and/or triggered automatically for selected CRM users is to properly configure the Workflow’s Scope and Security based on the above understanding. We can also leverage the Microsoft CRM Record Sharing function to share the Workflow to each of the selected CRM users or to the CRM team that consists of the selected CRM users: