I'm interested in persisting the following information
SMS messages
Voice/Phone Call details (inbound/outbound)
Website chat messages
Facebook Messenger messages
in CRM Dynamics such that this information is immediately view-able for a given entity. (Reporting is a bonus) I understand that 1 way of accomplishing this task of persisting communication history within the CRM is to create a custom activity as described here
https://learn.microsoft.com/en-us/dynamics365/customer-engagement/developer/custom-activities
However, I need some clarification on how the new activity is associated with leads, opportunities, and accounts. For example, is it possible to have an activity associated with a lead, but no opportunity, nor any matching accounts? At the same time, is it possible to have an activity that is associated with a lead, an opportunity, and an account?
How are end users of CRM Dynamics viewing these types of historical messages within the UI?
Perhaps the answer to this is that a lead can be associated with an opportunity, and thus activity related to a lead could indirectly be associated with an opportunity from that connection?
I tested this by creating a lead,creating activity for that lead, then converting that lead into an opportunity. In this case, the activity added to the lead entity was visible within the opportunity entity form. However, When I created activity within the opportunity entity form, this activity did Not lead to activity viewable within the lead entity form.
Do I need to always save activity to a lead entity then?
This seems like the only method in order to ensure that custom activity is always visible regardless of where the lead/opportunity/account is in the lifecycle.
Dynamics CRM has functionality as
Under Account if You create Opportunity, and for this Opp if you have a Activity it will be visibile under Account.
Now if you create Lead, you create activity under lead and when you qualify Lead, your lead will be converted to Opp and all your Activites will be carried to Opp.
One more case with Lead, You create a Lead, In this Lead you add Account (you already know for which Account you have a Lead). Now you create Activity under Lead, even though this lead is connected to Account, it's activities will not be shown in Account. After you qualify this Lead and converted to Opp, all your Activities under Lead (currently Opp) will be show in Account.
Summary: Creating Activities to Lead and then qualifying to Opp will show up in Opp, not the other way around. Imp is to have a overview on Account
Few Screenshots for Ref.
I’m using Camunda embedded in my web application (springboot). I successfully created my custom identityProvider (implementing ReadOnlyIdentityProvider) and my users and groups are being read from my database.
The thing is, I thought Camunda would check, for example, that certain user can only claim a task if he/she belongs to the candidate group, but I don’t see that happening. For example, I logged to cockpit with a user with group A, and was able to claim a task assigned to candidate group B.
So my question is, why would I need to create an IdentityProvider? Camunda webapps will be accessed by admins only, so I don’t need to setup resource security there. Is there a use case or something that I’m missing?
PD: Also asked in https://forum.camunda.org/t/do-i-need-an-identity-service-for-an-embedded-installation/10378
Claiming a task is not forbidden by camunda if you are not member of the candidate group of the task.
So I guess setting the tasklist filters in a way where a user that is not member of a group is not able to see the task will be your solution.
I have general question regarding Amazon SWF and web application which has a reactive style. For example, I have a shopping website where user ad products to cart, validate the quantity, enter the shipping and billing address, payment processing, order shipping and tracking. If I implement a work flow for the order fulfillment, how this should be designed in the SWF. Do this order fulfillment work flow begin only after all inputs received? How this work flow notifies to the customer on the progress of order process, any validation issues etc. How this should be distributed?
The simplest approach is to use SWF to perform backend order fulfillment and a separate data store to hold the order information and status. When an order is configured through the website the data store is updated. Later when the order is placed a workflow instance is created for it. The workflow uses information (by loading it using activities) from the data store. Then the workflow updates the data store using activities and the website queries the status and other progress information of the workflow from the data store.
Another option is to use execution state feature of SWF. See Exposing Execution State from SWF Developer Guide.
The Cadence (which is open sourced version of SWF) in the near future is going to add a query feature. It would allow synchronously query for the workflow state through the service API. It is different from execution state as it would allow multiple query types and query parameters.
How do you update (RESTful) resources in a web API from the client, when you also need the backend to take actions regarding these changes?
Let's say I have a RESTful web API with the following resources:
Worker - id, first_name, last_name, ...
Project - id, title, due_date, ..., worker [ref to Worker]. A project can exist only if it belongs to a worker.
In the client (which is typically a mobile app), users can retrieve a list of some worker's projects. They can then modify each project in that list (update), delete, or create new ones.
Changes must take place locally on the client side, until a "send" command is dispatched, only then the server should receive the updates. Kind of like a classic form use case.
The tricky part:
I need the backend to take actions according to each change, both individually and also as a whole. For example:
A user retrieved some worker's projects list, deleted a project, and also updated the due_date of another.
According to this change, the backend needs to both send push notifications to all of that project's members, and also recalculate the relevant worker's priorities according the total change in their projects (one was deleted, another got postponed...).
How do I achieve this in the best way?
If I update/delete/create each project by itself (with seperate POSTs, PUTs and DELETEs), when will the backend do the overall recalculation task?
If I update them all together as a bulk (with PUT), the backend will then need to understand what exactly changed (which got deleted, which modified...), which is a hard chore.
Another option I heard is to create a third utility resource, that's something like "WorkerProjectUpdater" that holds the changes that need to be made, like transactions, and then have a "daemon" going through it and actually committing the changes. This is also hard to achieve as in the real story there are many many types of modifications, and it'll be quite complex to create a resource (with a model and DB records) for every type of change.
I'm using Django with Django Rest Framework for that web service.
Appreciate your help!
I've written a small service (plain Win32) and I'd like to know if it's possible to run multiple instances of it when multiple users are logged on.
Basically, let's say we've got UserA and UserB for UserA the service would log on as "domain\UserA" and for UserB the service would log on as "domain\UserB" - this is from the same executable of course. I can change the logon dynamically using the ChangeServiceConfig() function, but it changes it system-wide it seems, while I'd like each user to have his own copy of the service running only for him.
Thank you in advance for any pointers.
Win32 services are designed to be system-wide, and start running before any user is logged in. If you want something to run on a per-user basis, it's probably better to design it as a regular application and run it from the user's Startup group.
Is it possible to perhaps have the service create child processes which then adopt the user credentials (or be started with them)? This way you're still limited to a single instance of the service, but it is able to do its per-user jobs all the same. IIRC the Windows Task Scheduler service does this.
The whole concept of a service is that it is started before any user is even logged on. so even if this was possible, you wouldn't be able to choose between userA and userB when the service starts because none of them is logged on yet.
A possible direction would be for the service to run as SYSTEM And every few minutes check if there is a user logged in, if there is- impersonate that user and do this stuff.
Yes, that sounds close (I'm answering comment from Greg, but comments are too short to fit my reply).
I don't know the list of users beforehand, but there's a GUI control application that would be used to enter username/password pairs for each user. So, userA would log on, run the application, enter his credentials and service would use that. At the same time (after userA has logged off, but the service is still running with userA's credentials) userB logs on, uses the app, and another copy of the service starts running as logged on userB. Thus, at the same time userA and userB services are running.
Is that possible?
You are probably looking to Impersonate the users. Check out some references I found with a quick Google search here:
MSDN Article on WindowsIdentity.Impersonate
.Net Security Blog Article
It sounds as if you actually have two different, conflicting requirements, as to timing and identity.
Run as each logged in user
Run automatically even if no user is logged in.
No way to do this trivially, instead consider wrapping your program in a service; the program will run normally on startup for each user (either thru the startup folder or taskscheduler), and in addition create a service to run your app as a system user (or any other user you define).
Since you also need (you mention this in the comments) the app to keep running as the enduser even after he logs out, you can have the service manage this process for you.
HOWEVER this might not be the best idea, since the user is still effectively logged in. This can have numerous side effects, including security, performance (too many users logged in at once...), etc.
You could create an service application and a non-service(normal) application and make them communicate through IPC (Mapped File, Pipes, MailSolts ... you name it).
This way you solve all the troubles.
NOTE: The same application can behave differently - when started as a process and when started by a user, but in the end it is the same thing, you still have 2 applications (no matter if you got only one executable).
Running with different accounts is possible. In fact, this is common. See svchost.exe, which implements a bunch of OS services.
I just don't get how you determine which accounts. In a big company, many PCs are set up so all 100.000+ employees could use it. You don't want to run your service as the logged-in users, nor can you want to run it for all 100.000 users. So for which accounts, I have to ask?
A Windows process can only execute with the privileges of one single user at a time. This applies to services and other processes. With enough privileges it is possible to "switch" between different users by using impersonation. The most common pattern for what you are trying to do is to have one instance of a privileged service which registers to log in/log out events and creates children processes accordingly, each one of them impersonating the logged in user. The pattern will also simplify UI as each process runs on each separate user's Desktop, as if it were a regular application.
If you keep the privileged service's code as simple as possible this pattern has the added benefit that you are minimizing the attack surface of your code. If a user finds a security problem on the "running as user" side of your service it is a non-issue, while security problems in the privileged services could lead to privilege escalation. In fact, before Vista privileged services implementing a Windows message processing loop are vulnerable to a type of attack called Shatter attacks, which you should be aware of given what you are trying to do.
You want this running all the time, so you want a service.
You want something tracking each user, so you want an application which runs in the user session and communicates with the service (using named pipes or DCOM or whatever fits your requirements).
You don't need multiple instances of your service. From the description of your problem it looks like what you need is one service that can impersonate users and execute jobs on their behalf.
You can do this by implementing a COM object hosted in a service. Your client application (that the end user runs) will call CoCreateInstanceEx on your CLSID. This would cause new instance of your COM object to be created in your service. Then the application can use a method on one of your interfaces to pass the collected user credentials to the COM object (though I'd be wary of collecting credentials and instead see if I can pass the user token instead). The COM object which is running in the context of the service can then call LogonUser() to log on the user and impersonate it, so it can do whatever on her behalf (like finding the user local appdata folder :-)). Other answers havve good links to impersonating users using credentials or token.
If you feel comfortable with COM, I'd suggest you create your objects as multithreaded (living in the MTA), so that their execution is not serialized by COM. If not, the default single threaded model would be good enough for you.
The Visual Studio ATL wizard can generate the skeleton of a COM object living in a service. You can also read about implementing Windows Service with ATL here: http://msdn.microsoft.com/en-us/library/74y2334x(VS.80).aspx
If you don't know COM at all, you can use other communication channels to pass the credentials to your service.
In any case, once your service gets the credentials, all the work on behalf of the user will have to be executed on a background thread, so as to not block the application running as the user.