Working on behalf of another user

An application that uses the Dynamics GP service may be running as a specific user, but being accessed by other different users. For example, a web-based application running on a server may have this situation. The application is running as a specific user (often a local user account defined on the server), but other users are accessing the application with their own logon credentials.

The various users of the application may have different security access for the Dynamics GP service. Some users of the application may be able to access methods in the Dynamics GP service that other users cannot. To provide proper security for the application, you will want to use the security settings for the user that is currently accessing the application. Since that user isn't actually running the application, the application needs a way to perform work on behalf of that user. The the WorkOnBehalfOf property of the Context object allows this capability when accessing the Dynamics GP service.

To use the WorkOnBehalfOf property, you need to create a role and assign the "Work on Behalf of Other Users" task to it. The user actually running the application (such as the local user on the server) must be assigned to this role. This allows that user to perform work on behalf of the other users who will be accessing the application.

When your application calls methods in the Dynamics GP service, you will set the default credentials on the service instance to be the local user that is actually running the application. For the Context object, you will set the WorkOnBehalfOf property to the login name for the user that is accessing the application. The security settings for that user will be used by the Dynamics GP service.