Workflow Scope and Security in Microsoft Dynamics CRM

I’ve built numerous Microsoft CRM Workflows since Microsoft CRM v1.0. In my mind – Microsoft CRM Workflow would be the ideal design approach to use if it can meet the automation requirement. During a recent Microsoft CRM System Administrator training, I had an opportunity to discuss the Microsoft Workflow Scope and Security settings. Here are the details:

Under the Microsoft Dynamics CRM Security Role, Customization tab, there is a "Workflow" entity on which to set security privileges. This setting controls the Workflow privileges for CRM Users assigned to this security role. For example – if the user can only "Read" Workflow (1/4 filled circle) – then the user can only view Workflow(s) where the user is the "owner" of the Workflow(s). This impacts the "On Demand" Workflows that are available to the user – the user can only manually run Workflow(s) that he or she can view. From a security perspective, a Workflow record (Workflow Rule) behaves like any other CRM record.

What about the "Automatic Workflows Scope"? The funny thing is that this also behaves like a security setting – the scope setting is tied to the Workflow’s owner. For example – if the Automatic Workflow scope is "User" – only CRM records owned by the Workflow’s owner will trigger the Workflow, and only if they meet the Workflow’s automatic condition. If the setting is "Organization" – any CRM record can trigger the Workflow if it meets the Workflow’s automatic condition.

The primary difference between "On demand" and "Automatic" workflows is that an "On demand" workflow is performed by the CRM user who manually invoked it, whereas an "Automatic" workflow is performed by the Workflow’s owner when it is triggered. Either way, the Microsoft CRM security privileges are enforced.

Note: Be sure that the accounts of the published CRM Workflows’ owners (CRM users) are enabled and have the proper security privileges to carry out the automatic workflow processes. If the workflow’s owner is disabled or does not have sufficient security privileges, the workflow will encounter an access error when it is automatically triggered.
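The rules above, modeled as an added Python example (not code from the original post or from Microsoft CRM). The class and field names, the `readers` set standing in for "users who can view the Workflow", and the sample users and workflows are all constructed for illustration; only the "User" and "Organization" scopes discussed here are modeled.

```python
from dataclasses import dataclass

# Constructed model of the rules in this post; names are assumptions for
# illustration, not the Dynamics CRM schema or API.
@dataclass(frozen=True)
class User:
    name: str
    enabled: bool = True

@dataclass(frozen=True)
class Workflow:
    name: str
    owner: User
    scope: str            # "User" or "Organization"
    automatic: bool       # has an automatic trigger condition
    on_demand: bool       # can be run manually
    published: bool = True

def automatic_run_as(wf, record_owner):
    """User an automatic run executes as, or None if the record does not trigger it."""
    if not (wf.published and wf.automatic):
        return None
    if wf.scope == "User" and record_owner != wf.owner:
        return None       # "User" scope: only the owner's records trigger it
    return wf.owner       # automatic runs act as the workflow's owner

def on_demand_run_as(wf, invoker, readers):
    """User an on-demand run executes as, or None if the invoker cannot view the workflow."""
    if not (wf.published and wf.on_demand) or invoker not in readers:
        return None
    return invoker        # on-demand runs act as the invoking user

def owners_to_fix(workflows):
    """Published automatic workflows that will fail because their owner is disabled."""
    return [wf.name for wf in workflows
            if wf.published and wf.automatic and not wf.owner.enabled]

# Constructed sample data.
alice, bob, carol = User("alice"), User("bob"), User("carol", enabled=False)
follow_up = Workflow("Lead follow-up", alice, "User", automatic=True, on_demand=True)
escalate = Workflow("Case escalation", carol, "Organization", automatic=True, on_demand=False)

if __name__ == "__main__":
    print(automatic_run_as(follow_up, bob))                 # bob's record: no trigger
    print(on_demand_run_as(follow_up, bob, {alice, bob}))   # shared with bob: runs as bob
    print(owners_to_fix([follow_up, escalate]))
```
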

A creative approach to setting up a Microsoft CRM Workflow so that it is only available to, and/or triggered automatically for, selected CRM users is to properly configure the Workflow’s Scope and Security based on the above understanding. We can also leverage the Microsoft CRM Record Sharing function to share the Workflow with each of the selected CRM users or with the CRM team that consists of the selected CRM users.


Workopia, Inc.
Microsoft Dynamics CRM MVP


About Frank Lee

Microsoft Dynamics 365 CRM/xRM consultant in San Francisco, USA.  Awarded the Microsoft MVP (Dynamics 365/CRM) 12 consecutive years from 2006 to 2018. Actively involved with Microsoft Dynamics CRM implementations since Microsoft CRM v1.0 beta (2002). Super passionate about everything CRM, especially in the areas of Cloud Computing, A.I., Digital Transformation and Automation.
