Skip to main content

Notifications

Announcements

🌸 Community Spring Festival 2025 Challenge & Updates🌸
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Need Help with SharePo...
Customer experience | Sales, Customer Insights,...
Answered

Need Help with SharePoint Integration Security in D365

(4) ShareShare
ReportReport
Posted on by viet561995 188

Hi everyone,

I’m seeking help to address some challenges related to SharePoint integration with D365, specifically around syncing security settings. Here's the situation:

  • Current Issue: When syncing files from D365 to SharePoint, security permissions (e.g., who can edit or delete files) are not carried over. These permissions need to be manually configured by a SharePoint admin.

  • Simple Goal: I want to ensure that when a user uploads a file in D365, it gets created in SharePoint with the appropriate permissions:

    • The file owner should be able to edit it.

    • Other users, who are not the owner of the record, should not see the file when they access the SharePoint site.

  • Advanced Goal: In addition to the above, I’d like the following permissions setup:

    • When the record owner uploads a file to SharePoint, their direct manager and the manager’s manager (and higher levels) should also have access to view and edit the file.

Is there a way to achieve this using an out-of-the-box (OOTB) solution in D365? If customization is required, what would be the best approach?

I would greatly appreciate any advice or guidance. Thank you in advance!

Categories:
Dynamics 365 Sales
  • Verified answer
    Daivat Vartak (v-9davar) Profile Picture
    Daivat Vartak (v-9d... 6,051 Super User 2025 Season 1 on at
    Need Help with SharePoint Integration Security in D365
    Hello viet561995,
     
    You've hit upon a common challenge with Dynamics 365 and SharePoint integration: security context transfer. Unfortunately, achieving your desired level of granular permission syncing, especially the "advanced goal" with manager hierarchies, is not possible with out-of-the-box (OOTB) functionality.
    Here's a breakdown of why and what your options are:
     
    Why OOTB Doesn't Work:
    • Limited Security Context Transfer: The standard Dynamics 365 to SharePoint integration primarily focuses on file transfer and basic folder structure creation. It doesn't automatically map Dynamics 365 security roles or user hierarchies to SharePoint permissions.
    • SharePoint Permission Model: SharePoint has its own permission model, which is distinct from Dynamics 365's. Bridging the gap requires custom logic.
    • Manager Hierarchies: Dynamics 365's manager hierarchy is not inherently understood by SharePoint. You need to explicitly translate this relationship into SharePoint permissions.
     
    Customization Approaches:
    1. Power Automate (Recommended for Simpler Scenarios):
      • For your "simple goal" (file owner gets edit, others don't see), Power Automate can be a viable option.
      • Trigger: Use the "When a file is created in SharePoint" trigger (or a similar trigger based on your specific setup).
      • Actions:
        • Get the file's metadata to identify the creator (owner).
        • Use the "Grant access to an item or a folder" action in SharePoint.
        • Grant the file owner "Edit" permissions.
        • Use the "Stop sharing an item or a folder" action to remove default permissions or explicitly deny access to other users.
      • Limitations:
        • Power Automate has limitations in handling complex logic like manager hierarchies.
        • You'll need to manually maintain the flow if your Dynamics 365 user base or roles change significantly.
    2. Plugin Development (For Advanced Scenarios):
      • For your "advanced goal" with manager hierarchies, plugin development is the most robust solution.
      • Trigger: Register a plugin on the "Associate" message of the "SharePointDocumentLocation" entity (or the relevant entity that triggers file creation).
      • Logic:
        • Retrieve the file owner from the Dynamics 365 record.
        • Use the Dynamics 365 SDK to traverse the manager hierarchy (using the "SystemUser" entity and the "parentsystemuserid" lookup).
        • Use the SharePoint REST API or CSOM (Client-Side Object Model) to programmatically set SharePoint permissions.
        • Grant the file owner, their manager, and the manager's manager "Edit" permissions.
        • Handle exceptions and edge cases (e.g., users without managers).
      • Advantages:
        • Provides maximum flexibility and control over permission settings.
        • Can handle complex logic and dynamic permission requirements.
      • Disadvantages:
        • Requires development expertise.
        • Needs careful testing and maintenance.
    3. Third-Party Solutions:
      • Explore third-party solutions on Microsoft AppSource that specialize in Dynamics 365 and SharePoint integration.
      • Some of these solutions might offer advanced permission management features.
     
    Best Practices:
    • Minimize Customization: If possible, try to align your business processes with the OOTB capabilities of Dynamics 365 and SharePoint.
    • Security Auditing: Implement security auditing in both Dynamics 365 and SharePoint to track permission changes.
    • Testing: Thoroughly test any custom solutions in a development environment before deploying them to production.
     
    In summary, while OOTB functionality won't meet your advanced requirements, Power Automate can handle simpler scenarios, and plugin development offers the most flexibility for complex permission management.
     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more.
    If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Best Regards,
    Daivat Vartak
  • viet561995 Profile Picture
    viet561995 188 on at
    Need Help with SharePoint Integration Security in D365
    The AI response you provided doesn't address my concerns. Surely, you're aware that I already know Power Automate can be used to configure permissions in SharePoint. What I need to know is: how exactly can this be done?
  • Suggested answer
    Saif Ali Sabri Profile Picture
    Saif Ali Sabri 1,847 Super User 2025 Season 1 on at
    Need Help with SharePoint Integration Security in D365
    “AI was used in this reply”.
    SharePoint integration with Dynamics 365 does not automatically sync security permissions from D365. However, here’s how you can approach this:
    Out-of-the-Box (OOTB) Approach (Limited Security Control)
    • By default, SharePoint follows its own permissions model, independent of D365.
    • You can use Document Locations in D365 to control which records users can access, but this does not restrict direct access to files in SharePoint.
    Customization Approach (Recommended for Your Requirements)
    1. Use SharePoint Folder-Level Security
      • Enable Column-Level Security in SharePoint to manage access at a granular level.
      • Restrict permissions at the document library or folder level using SharePoint’s built-in settings.
    2. Automate Permissions via Power Automate
      • Create a Power Automate flow triggered when a file is uploaded to SharePoint.
      • Fetch the record owner from D365, retrieve their manager (using Office 365 Users connector), and apply SharePoint permissions accordingly.
    3. Use a SharePoint Event Receiver or Power Automate HTTP Request (Advanced)
      • Develop a SharePoint Event Receiver (requires custom coding) to enforce permission settings when files are added.
      • Alternatively, use a Power Automate flow to call the SharePoint REST API to assign unique permissions dynamically.
    Best Approach for Your Needs
    • If OOTB is preferred, manually setting folder permissions in SharePoint is the only option.
    • For automation and flexibility, Power Automate + SharePoint REST API is the most scalable solution.
    Would you like a step-by-step guide on setting up the Power Automate flow for this?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

🌸 Community Spring Festival 2025 Challenge & Updates🌸

Quick Links

🌸 Community Spring Festival 2025 Challenge 🌸

WIN Power Platform Community Conference 2025 tickets!

Jonas ”Jones” Melgaard – Community Spotlight

We are honored to recognize Jonas "Jones" Melgaard as our April 2025…

Kudos to the March Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 294,125 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 232,871 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,158 Moderator

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans