web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Securing Documents
Microsoft Dynamics CRM (Archived)

Securing Documents

(0) ShareShare
ReportReport
Posted on by Community Member
We are using CRM for sales and service and I am looking for a way to secure certain documents, contracts, CC authorizations, etc., that contain private customer information from being accessed by service personnel. Currently service personnel have minimal access to Accounts so they can look up addresses and close their Service Activities. What would be the best way to go about this?

*This post is locked for comments

I have the same question (0)
  • Graham.Davis Profile Picture
    Graham.Davis on at
    Documents are always tricky in CRM, and there are two approaches.
        You are using the documents tab, in which case the documents are in SharePoint. In this case you could get into the actual document library and use SharePoint's security infrastructure to control access. This approach would only really work in real life if you took an all-or-nothing approach (all users with a specific role can see or not), otherwise administering permissions in SharePoint would become a bit of a nightmare.
        The second option is that you are using "attach" functionality from notes. This is a bit clumsy, but a simple answer would be to create a new entity called attachments, pop a sub-grid on the form and have users create a new record for each attachment. This would give you the ability to constrain users from accessing these records using CRM security roles. There is a back door to this approach. If users search for notes using advanced find, then they will be able to find the notes and access them.
  • Suggested answer
    ScottDurow Profile Picture
    ScottDurow 21 on at

    Both approaches that Graham suggests are valid - but I would recommend the SharePoint approach - this gives you complete control over security (even though this could be additional administration) - but it also means that your CRM database doesn't grow so big that it becomes unmanageable - if you are using CRM Online, SharePoint storage is much cheaper than CRM storage as well.

    Hope this helps,

    Scott

  • Luc @ IT creation Dell Premier Partner Profile Picture
    Luc @ IT creation D... 1,360 on at

    [quote user="Scott Durow"]

    Both approaches that Graham suggests are valid - but I would recommend the SharePoint approach - this gives you complete control over security (even though this could be additional administration) - but it also means that your CRM database doesn't grow so big that it becomes unmanageable - if you are using CRM Online, SharePoint storage is much cheaper than CRM storage as well.

    Hope this helps,

    Scott

    [/quote]

    We are using the solution provided by Scott.

    Sharepoint & CRM work really well together.

  • Community Member Profile Picture
    Community Member on at

    Graham,

    My service department utilizes the documents section in Service Activities to upload photo's from their jobs. My warehouse uses documents section to upload signed order documents in the Orders entity. When you say "all or nothing" , would this mean my warehouse and service department would loose access to those sections and Sales would be the only group that has access to SharePoint?

  • Verified answer
    Graham.Davis Profile Picture
    Graham.Davis on at

    When I said "all or nothing" I was referring to how CRM handles the out-of-the-box documents tab. Each SharePoint Document location which is created refers to a single record by populating a regardingid in the background. A typical configuration would created folders automatically in single document library in SharePoint. SharePoint permissions are managed at the document library level, unless of course you consider the "share" functionality to fall under permissions. So in short, if you want to manage permissions in a sustainable way, then its typically a single permission definition per document library, which means a single set of permissions per entity in CRM.

    To answer your question above, depending on how you set up your document locations, it would be possible to share everything in the service activities document tab with everyone, restrict only warehouse to be able to see orders, and only sales to see sales documents uploaded to document locations configured for the opportunity entity.

    The permissions if it configured this way would be set up on an entity by entity basis, and then you have the flexibility to configure security however you want per entity. My original reply assumed that you would want to constrain access based on role within a single entity. The security roles you set per entity apply across the board.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans