Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

Securing approval or stage-gate fields in a business process (BPF)

  • 1.  Securing approval or stage-gate fields in a business process (BPF)

    Posted Feb 27, 2020 04:14 PM
    I have a requirement where in a specific stage of a business process flow (BPF), only members of a specific team can modify the stage-gate fields of that stage to proceed to the next stage.

    ex:
    At stage 3 of the BPF, the record is assigned to Accounting and a member of that team must approve a request.
    The stage-gate field is a two-option field named "Approved".

    I am considering applying Field Level Security (FLS) to the field.
    Seems like the right thing to do, but it means more setup and maintenance of the user/team portion of the Security part of the platform.

    JavaScript to test the current user's team or security role could be an option, but I find it's not as easy to verify and troubleshoot as using FLS.

    I am wondering if other members of the community have dealt with this type of requirement and if they use FLS or something else.

    Thanks in advance,

    ------------------------------
    Louis-Alain Filiatrault
    CRM Specialist
    CGI Technologies and Solutions Inc.
    ------------------------------
    Academy - Online Interactive Learning from Experts


  • 2.  RE: Securing approval or stage-gate fields in a business process (BPF)

    TOP CONTRIBUTOR
    Posted Feb 28, 2020 07:11 AM
    Louis,

    In similar circumstance i simply use the audit history, assuming you have auditing turned on.  We have had situations where a User from one group will update data in another groups BPF stage.  I show them the audit history and the behavior stops.  Another thing you can do is have an "Approved By" field, lookup to User, and have that field required in the stage.  Then just check that Approved By = Current User when Approved field is change to Yes.  This way it is in the Users face and very clear that the action is being controlled.  Also, in later stages it is very easy to see who approved it to get that far.  Depending on your use-case you could also then lock those two fields so there is no chance of someone changing the data after the fact.

    Hope this helps,

    ------------------------------
    Jim Corriveau
    A.W. Chesterton Company
    Groveland MA
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 3.  RE: Securing approval or stage-gate fields in a business process (BPF)

    Posted Feb 28, 2020 07:35 AM
    Thanks for the insight, Jim!
    Our current solution has Audit History turned on for the stage-gate fields.
    The user at fault was just distracted and went through two stages, his and the one after and he couldn't explain his mistake.
    However, a mistake in the business process in very costly to the business.
    I am taking note of your "Approved By" lookup suggestion and see if that would be acceptable to the stakeholders.
    We'll also see about labeling the stages and stage-gates differently to differentiate them.
    Ultimately, I feel FLS is the ultimate solution  to this requirement but it comes with extra administrative work.

    Thanks again!
    Louis

    ------------------------------
    Louis-Alain Filiatrault
    CRM Specialist
    CGI Technologies and Solutions Inc.
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 4.  RE: Securing approval or stage-gate fields in a business process (BPF)

    Posted Feb 28, 2020 09:13 AM
    Perhaps you could change the ownership of the record when it leaves the completed stage to now be owned by the Accounting team?  I think you could do this through a workflow or maybe even a business rule.

    ------------------------------
    Terry Letkeman
    Bespoke Technology Services
    Winnipeg
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 5.  RE: Securing approval or stage-gate fields in a business process (BPF)

    Posted Feb 28, 2020 10:01 AM
    Hi Terry,

    Good point, I have to review that since the record is supposed to change ownership to another team upon leaving the stage.
    I think the user had a management role so they were ok to keep updating the record, they just went 1 stage beyond what they were supposed to do.
    Security covers the BPF entity at an organization level only and does not address the BPF stages. That might be an idea to submit to the D365 product team.

    Thanks!

    ------------------------------
    Louis-Alain Filiatrault
    CRM Specialist
    CGI Technologies and Solutions Inc.
    ------------------------------

    Academy - Online Interactive Learning from Experts


If you've found this thread useful, dive deeper into User Group community content by role