web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Need Help with SharePo...
Customer experience | Sales, Customer Insights,...
Answered

Need Help with SharePoint Integration Security in D365

(4) ShareShare
ReportReport
Posted on by viet561995 190

Hi everyone,

I’m seeking help to address some challenges related to SharePoint integration with D365, specifically around syncing security settings. Here's the situation:

  • Current Issue: When syncing files from D365 to SharePoint, security permissions (e.g., who can edit or delete files) are not carried over. These permissions need to be manually configured by a SharePoint admin.

  • Simple Goal: I want to ensure that when a user uploads a file in D365, it gets created in SharePoint with the appropriate permissions:

    • The file owner should be able to edit it.

    • Other users, who are not the owner of the record, should not see the file when they access the SharePoint site.

  • Advanced Goal: In addition to the above, I’d like the following permissions setup:

    • When the record owner uploads a file to SharePoint, their direct manager and the manager’s manager (and higher levels) should also have access to view and edit the file.

Is there a way to achieve this using an out-of-the-box (OOTB) solution in D365? If customization is required, what would be the best approach?

I would greatly appreciate any advice or guidance. Thank you in advance!

Categories:
Dynamics 365 Sales
I have the same question (0)
  • Verified answer
    Daivat Vartak (v-9davar) Profile Picture
    Daivat Vartak (v-9d... 7,829 Super User 2025 Season 2 on at
    Need Help with SharePoint Integration Security in D365
    Hello viet561995,
     
    You've hit upon a common challenge with Dynamics 365 and SharePoint integration: security context transfer. Unfortunately, achieving your desired level of granular permission syncing, especially the "advanced goal" with manager hierarchies, is not possible with out-of-the-box (OOTB) functionality.
    Here's a breakdown of why and what your options are:
     
    Why OOTB Doesn't Work:
    • Limited Security Context Transfer: The standard Dynamics 365 to SharePoint integration primarily focuses on file transfer and basic folder structure creation. It doesn't automatically map Dynamics 365 security roles or user hierarchies to SharePoint permissions.
    • SharePoint Permission Model: SharePoint has its own permission model, which is distinct from Dynamics 365's. Bridging the gap requires custom logic.
    • Manager Hierarchies: Dynamics 365's manager hierarchy is not inherently understood by SharePoint. You need to explicitly translate this relationship into SharePoint permissions.
     
    Customization Approaches:
    1. Power Automate (Recommended for Simpler Scenarios):
      • For your "simple goal" (file owner gets edit, others don't see), Power Automate can be a viable option.
      • Trigger: Use the "When a file is created in SharePoint" trigger (or a similar trigger based on your specific setup).
      • Actions:
        • Get the file's metadata to identify the creator (owner).
        • Use the "Grant access to an item or a folder" action in SharePoint.
        • Grant the file owner "Edit" permissions.
        • Use the "Stop sharing an item or a folder" action to remove default permissions or explicitly deny access to other users.
      • Limitations:
        • Power Automate has limitations in handling complex logic like manager hierarchies.
        • You'll need to manually maintain the flow if your Dynamics 365 user base or roles change significantly.
    2. Plugin Development (For Advanced Scenarios):
      • For your "advanced goal" with manager hierarchies, plugin development is the most robust solution.
      • Trigger: Register a plugin on the "Associate" message of the "SharePointDocumentLocation" entity (or the relevant entity that triggers file creation).
      • Logic:
        • Retrieve the file owner from the Dynamics 365 record.
        • Use the Dynamics 365 SDK to traverse the manager hierarchy (using the "SystemUser" entity and the "parentsystemuserid" lookup).
        • Use the SharePoint REST API or CSOM (Client-Side Object Model) to programmatically set SharePoint permissions.
        • Grant the file owner, their manager, and the manager's manager "Edit" permissions.
        • Handle exceptions and edge cases (e.g., users without managers).
      • Advantages:
        • Provides maximum flexibility and control over permission settings.
        • Can handle complex logic and dynamic permission requirements.
      • Disadvantages:
        • Requires development expertise.
        • Needs careful testing and maintenance.
    3. Third-Party Solutions:
      • Explore third-party solutions on Microsoft AppSource that specialize in Dynamics 365 and SharePoint integration.
      • Some of these solutions might offer advanced permission management features.
     
    Best Practices:
    • Minimize Customization: If possible, try to align your business processes with the OOTB capabilities of Dynamics 365 and SharePoint.
    • Security Auditing: Implement security auditing in both Dynamics 365 and SharePoint to track permission changes.
    • Testing: Thoroughly test any custom solutions in a development environment before deploying them to production.
     
    In summary, while OOTB functionality won't meet your advanced requirements, Power Automate can handle simpler scenarios, and plugin development offers the most flexibility for complex permission management.
     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more.
    If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Best Regards,
    Daivat Vartak
  • viet561995 Profile Picture
    viet561995 190 on at
    Need Help with SharePoint Integration Security in D365
    The AI response you provided doesn't address my concerns. Surely, you're aware that I already know Power Automate can be used to configure permissions in SharePoint. What I need to know is: how exactly can this be done?
  • Suggested answer
    Saif Ali Sabri Profile Picture
    Saif Ali Sabri 2,346 Super User 2025 Season 2 on at
    Need Help with SharePoint Integration Security in D365
    “AI was used in this reply”.
    SharePoint integration with Dynamics 365 does not automatically sync security permissions from D365. However, here’s how you can approach this:
    Out-of-the-Box (OOTB) Approach (Limited Security Control)
    • By default, SharePoint follows its own permissions model, independent of D365.
    • You can use Document Locations in D365 to control which records users can access, but this does not restrict direct access to files in SharePoint.
    Customization Approach (Recommended for Your Requirements)
    1. Use SharePoint Folder-Level Security
      • Enable Column-Level Security in SharePoint to manage access at a granular level.
      • Restrict permissions at the document library or folder level using SharePoint’s built-in settings.
    2. Automate Permissions via Power Automate
      • Create a Power Automate flow triggered when a file is uploaded to SharePoint.
      • Fetch the record owner from D365, retrieve their manager (using Office 365 Users connector), and apply SharePoint permissions accordingly.
    3. Use a SharePoint Event Receiver or Power Automate HTTP Request (Advanced)
      • Develop a SharePoint Event Receiver (requires custom coding) to enforce permission settings when files are added.
      • Alternatively, use a Power Automate flow to call the SharePoint REST API to assign unique permissions dynamically.
    Best Approach for Your Needs
    • If OOTB is preferred, manually setting folder permissions in SharePoint is the only option.
    • For automation and flexibility, Power Automate + SharePoint REST API is the most scalable solution.
    Would you like a step-by-step guide on setting up the Power Automate flow for this?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Daniyal Khaleel Profile Picture

Daniyal Khaleel 122

#2
DAnny3211 Profile Picture

DAnny3211 101

#3
Abhilash Warrier Profile Picture

Abhilash Warrier 70 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans