We can also impersonate a user using javascript in WebAPI by just passing the callerId in header. The impersonator should have the delegate role ( prvActOnBehalfOfAnotherUser) privilege.
Below is the sample code for that.
var entity = {};
entity.subject = value;
entity["regardingobjectid_contact@odata.bind"] = "/contacts(" + recordId + ")";
var req = new XMLHttpRequest();
req.open("POST", serverUrl + "/api/data/v9.0/tasks", true);
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
req.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
req.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");
req.onreadystatechange = function () {
if (this.readyState === 4) {
req.onreadystatechange = null;
if (this.status === 204) {
Xrm.Utility.alertDialog("New Task Record Created with Related Contact");
} else {
Xrm.Utility.alertDialog(this.statusText);
}
}
};
req.send(JSON.stringify(entity));
We get a task created with following audit :
If a field is having FLS (Field level security) enabled then it won’t allow access even if the impersonated user has full access but impersonating user doesn’t have access to the field.
Below is the full code where we trigger a Create Task on click on ribbon button. We read the value from custom entity ps_configurationsetting and then create task with the same subject. If the calling user doesn’t have access to FLS, impersonation wont help too.
ContactRibbon = {
CreateTask: function (context) {
var formContext = context;
var recordId = formContext.data.entity.getId().replace("{", "").replace("}", "");
var globalContext = Xrm.Utility.getGlobalContext();
var serverUrl = globalContext.getClientUrl();
var url = Xrm.Page.context.getClientUrl() + "/api/data/v9.1/ps_configurationsettings?$filter=ps_key eq 'azurekey'";
var reqCS = new XMLHttpRequest();
reqCS.open("GET", url, false);
reqCS.setRequestHeader("Accept", "application/json");
reqCS.setRequestHeader("Content-Type", "application/json; charset=utf-8");
reqCS.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");
reqCS.send();
if (reqCS.readyState == 4) {
if (reqCS.status == 200) {
var data = JSON.parse(reqCS.response);
if (data != null && data.value.length > 0) {
var value = data.value[0].ps_value;
}
}
else {
alert("Error: " + reqCS.responseText);
}
}
var entity = {};
entity.subject = value;
entity["regardingobjectid_contact@odata.bind"] = "/contacts(" + recordId + ")";
var req = new XMLHttpRequest();
req.open("POST", serverUrl + "/api/data/v9.0/tasks", true);
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
req.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
req.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");
req.onreadystatechange = function () {
if (this.readyState === 4) {
req.onreadystatechange = null;
if (this.status === 204) {
Xrm.Utility.alertDialog("New Task Record Created with Related Contact");
} else {
Xrm.Utility.alertDialog(this.statusText);
}
}
};
req.send(JSON.stringify(entity));
}
};
Power Platform & Dynamics 365 