Two days ago, one of my clients reported that one of their users was able to track an email sent from Outlook and when it was added to CRM, the email was related/ linked to several contacts the user did not have access to. I first thought this was do to the appendto privilege for the user being to high even thought the user did not have read access to the contacts. Upon research, I have found that emails sync'd through the clients Server Side Sync setup are created in CRM by the "SYSTEM" user. After some research, I can across a blog stating, "No security applies to these users (any action is allowed when executing as SYSTEM or INTEGRATION), all security validations are bypassed" (click here for blog). This would explain why the emails are being created in CRM and then related to contacts that the CRM user should not be able to relate emails too.
I have not been able to find a way to configure Server Side Sync or the Email Router to not create emails as the SYSTEM user. Does anyone know if this is possible and what the setup should be to achieve this? The CRM Outlook Client is NOT an option for my client as they don't want to be dependent on their users leaving Outlook open all the time to process emails. My client has CRM 2015 Update 0.1 OnPrem and Exchange 2013 OnPrem.
Thank you for all of your help and time.
Dylan Reynolds
*This post is locked for comments