Managing user access in large Dynamics 365 Customer Engagement (CE) environments often involves repetitive configurations across roles, teams, business units, and queues. This quickly becomes a time sink—especially when onboarding similar users.
In my recent project, I enhanced my Power Apps-based Security Management App with a user cloning feature built using a custom plugin. You can use a similar concept and build a console app as well. Let me walk you through the approach and design.
Use Case
When a new user joins and needs identical access to an existing peer, admins should be able to:
- Select a source user
- Select a target user
- Click Clone
...and instantly replicate:
- Security Roles
- Teams
- Business Unit
- Queues
All without manually re-assigning each entity.
The Plugin Approach
While Power Automate and custom UI logic offer partial solutions, cloning user access requires deeper control—especially over teams and roles, which are tied to multiple system entities.
Hence, I opted for a synchronous plugin registered on a custom action.
Custom Action: new_CloneUserAccess
Input Parameters:
-
SourceUserId(EntityReference) -
TargetUserId(EntityReference)
The plugin is registered on this action to perform cloning logic.
What the Plugin Does
Upon execution, the plugin performs:
- Validation – Ensure both source and target are valid system users.
- Copy Business Unit – If allowed by context, update the target's BU.
- Clone Security Roles – Replicate all roles assigned to source onto target.
- Clone Teams – Add target user to all teams the source user is a member of.
- Clone Queues (Optional) – Recreate queue memberships or assign roles as needed.
Why Not Power Automate?
While Power Automate is excellent for many scenarios, cloning user access deeply involves:
- Multiple N:N relationships (UserRoles, TeamMembership)
- Permission-sensitive operations (BU updates)
- Transactional integrity
Plugins ensure everything is done atomically and securely under a service account.
Security App UI
In my Canvas App:
- A Clone section appears when "Clone User" radio option is selected.
- Admin chooses Source and Target users via People Pickers.
- On Submit, a Power Automate flow triggers the custom action.
- Plugin executes and completes cloning.
- Admin gets real-time feedback on success/failure.
Key Plugin Snippet (C#)
public void Execute(IServiceProvider serviceProvider)
{
var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
var serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
var service = serviceFactory.CreateOrganizationService(null);
var source = (EntityReference)context.InputParameters["SourceUserId"];
var target = (EntityReference)context.InputParameters["TargetUserId"];
// Get roles from source user
var roles = GetUserRoles(service, source.Id);
foreach (var roleId in roles)
{
AssignRoleToUser(service, roleId, target.Id);
}
// Similar logic for teams and queues...
}
Outcome
No more manual team and role assignments
Admins save time with 1-click cloning.
Logic is reusable across environments.
Secure and audit-ready.
Bonus Tips
Use impersonation in plugin for auditing
Add logging in custom action for traceability
Handle scenarios where BU changes are restricted
Final Thoughts
User cloning isn't just a convenience—it's a huge time-saver and enabler for scalable user management. With the right combination of Power Apps + Plugin logic, you can simplify and secure your CE environment in minutes.
Top comments (0)