Featured Post

Dynamics GP 2018 is now Released

It is officially published that Microsoft Dynamics GP 2018 is available, the download link is provided below: Product download page ...

Tuesday, February 9, 2016

Workflow Delegations under User Preferences, Access Denied for Limited Users

One of the most important features introduced recently in Dynamics GP is precisely workflow 2.0 and the ability to manage various workflow-associated tasks through the web client. As for requisitions specifically, Limited users were introduced to let the users enter and approve requisitions, which seems perfectly superb.
Workflow Delegations - User Preferences
In order to manage delegations, users are supposed to fill out the user from the Active Directory, who is supposed to approve/reject on behalf of them. There are precisely two issues which are encountered when using this window which are:
  1. Once the window is open, and the option "Automatically delegate my workflow tasks to "  is checked, closing the window becomes impossible unless the "Delegate to" field is filled out. As shown below, the system doesn't allow you to close the window giving an error that "A delegate must be selected"

    Select a delegate warning Message

  2. The delegate to "lookup" is not part of the limited users privileges, it can only be granted to full users.
The security task associated with the lookup window can be seen under "Microsoft Dynamics GP Product, Windows Types, System Series and Full User Type". If you choose the Limited user, the Directory Account Lookup is not included, which is why it can not be granted to limited users.

Workflow Delegation - Lookup button

Security Privilege Error - on Lookup button

Directory Account Lookup - Security Task
Work-around Solution (Workflow Delegation Lookup)
Although limited users can not open the lookup in order to search for a specific user in the Active Directory, they can still type in the "Delegate to" field and pick a specific user from the AD. For instance, if you want to delegate tasks to a user in the AD with the name "Mahmoud Saadi", type in the very initial characters of the name and then press Tab, the system will automatically retrieve the first name from the AD. 

This is definitely invalid when you have multiple users in the AD with the same account name, which will result with retrieving incorrect accounts. 

I have submitted my feedback on MSConnect to be consider by Microsoft Support team, ID: 2339798 on this Link.

Best Regards,
Mahmoud M. AlSaadi

1 comment: