Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM/SharePoint Security
Microsoft Dynamics CRM (Archived)

CRM/SharePoint Security

(0) ShareShare
ReportReport
Posted on by Sukh Gill 967

Hi Guys

I have enabled the server based synchronisation between CRM 2013 Online and SharePoint Online.  My structure is based on Account so that all child records e.g. Opportunities, Contracts, Cases are created in the related Account folder.

The problem I have is that we have security set up where all users can access all Accounts however they are only able to access Contracts that are in their business unit.  Now the way that the SharePoint integration works is that when a document is uploaded against a Contract record, this document is viewable against the Account record (because of the folder structure).  Now even though a user may not have access to a Contract record in CRM, they are able to view and open the Contract document that was uploaded against the Contract by opening this from the Account record. 

I understand that this is due to SharePoint security as opposed to CRM security however I was just wondering if anyone has any recommendations on how this can be resolved.  Will this require development work as I can't see how we can overcome this problem.

Thanks
Sukh

*This post is locked for comments

  • Suggested answer
    Inogic Profile Picture
    Inogic 24,094 on at
    CRM/SharePoint Security
    Hello there,

    It sounds like you're facing a problem with document accessibility for the Contract record folder in SharePoint. These records shouldn't be visible, as you've already set business unit-level privileges in CRM. However, the access privileges in CRM do not get automatically reflected in SharePoint with the native integration. We need to do it manually. What you are looking for is a solution that will automatically apply the same security privileges from the business unit to the Account and Contract record folders in SharePoint as they are in CRM.

    You can try the SharePoint Security Sync app by Inogic. It automatically synchronizes the security privileges from your Dynamics 365 CRM to SharePoint.

    This means that if a user does not have access to a Contract record in your Dynamics 365 CRM, the same restrictions will apply in SharePoint, preventing them from viewing or opening documents associated with that Contract by accessing them through the related Account folder.

    Furthermore, this app makes files and data easily accessible. Its custom folder feature enables you to design a personalized library and record folder structures tailored to your specific needs within SharePoint, effectively addressing the 5000-file limit issue.

    You can install the app from Inogic or Microsoft AppSource at no cost for a 15-day trial to evaluate its functionality, or you can schedule a demo to gain insight into how the application solution works.
    For more information, please contact at crm@inogic.com.
     
    Thanks,
    Sam
  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: CRM/SharePoint Security

    Hi Sukh,

    long ago your request but with CB CRM to SharePoint Replicator you can close this security gap between CRM and SharePoint: https://www.connecting-software.com/dynamics-crm-sharepoint-permissions-replicator/ 

    All documents access permissions are replicated to the of of the box integration between CRM and SharePoint.

    Cheers

    Thomas

  • Scott_130 Profile Picture
    Scott_130 5 on at
    RE: CRM/SharePoint Security

    Hi Sukh,

     

    There is a commercial off-the-shelf security plugin that allows for hierarchical security to be implemented in SharePoint.

    http://www.berkeleyit.com/enterprise-security-services-platform-for-sharepoint/

    ESSP allows you to configure your organizational hierarchy within SharePoint and then limit who can view an individual document in a library based on that hierarchy.

     

    So for example if you had a "Contracts" document library, you could upload a document and apply a "Limited Distribution" to the Marketing department. When anyone from outside the Marketing Department navigates to the Contracts document library they won't see that document.

     

    Hope this helps.

    Regards,

    Scott

  • Tomas Olejnik Profile Picture
    Tomas Olejnik 10 on at
    RE: CRM/SharePoint Security

    Hello Gill,

    there is a commercial solution solving your issue without coding. It applies permissions on SharePoint folders referenced from CRM based on CRM security configuration (business units, privileges, record owner, roles, team, access teams, access team templates, sharing ... ).

    http://connecting-software.com/index.php/en/solutions/products/cb-dynamics-crm-privileges-to-sharepoint-permissions-replicator

  • Sukh Gill Profile Picture
    Sukh Gill 967 on at
    RE: CRM/SharePoint Security

    Again thanks or the response Scott.

    Problem I have is that the customer wants to use the hierarchical model and also they don't want each Business Unit to have its own site as they don't really have strict security for different business units.  The only real document that needs securing are Contract documents and they want these to be stored against the Account records that other users have access to.

    I'm going to do more investigation and appreciate your comments on this, I'm trying to ensure that I get this done with little code as possible in the tight deadline I have.

    Cheers

    Sukh

  • ScottDurow Profile Picture
    ScottDurow 50,177 on at
    RE: CRM/SharePoint Security

    Hi Sukh,

    IMHO using content types is not the right approach since this is mixing up metadata and security which are two different things. It would be far cleaner to automate folder creation in a pre-secured location specific to the business unit.

    Scott

  • Sukh Gill Profile Picture
    Sukh Gill 967 on at
    RE: CRM/SharePoint Security

    Thanks for the response Scott.

    What I was thinking was to use Content Type when uploading documents to SharePoint and we can then apply a security group to the specific Content Type.  That way when a user uploads a document they select a Content Type that is restricted to specific users.

    Problem with this is that even though you can upload a document directly in SharePoint and then select the Content Type, I do not get the same behaviour in CRM.  CRM only allows me to upload the document but does not give me the option to then select a Content Type.  With list components this was possible (say was as we have enabled server based integration).  When I upload document directly in SharePoint I am then presented with the following screen which is what I want in CRM:

    My options I have available without the use of code I believe are the following:

    1) Get users to upload documents directly in SharePoint for this type of document so they can specify the Content Type.

    2) Create a custom button that uses the SharePoint Upload button (as I believe this behaves differently to the CRM upload button).

    Sukh

  • Suggested answer
    ScottDurow Profile Picture
    ScottDurow 50,177 on at
    RE: CRM/SharePoint Security

    Hi Sukh,

    You have two options:

    1. Secure the folder in SharePoint that holds the contract document  by breaking the inheritance - this is not always a good idea since lots of separately secured folders (>5000) can affect performance. Since CRM queries SharePoint under the user context, it will only show the documents in the account record that that user has access to.

    2. Not use the hierarchical modal and store your contract documents in a separate document library. The issue will always be that although users cannot see the contract documents by default - they could go looking for them.

    The only way to truly get round this issue is to define a hierarchical security model in SharePoint where each business unit has their own site - then you will need to either manually (or automatically through code) create the corresponding contract folders in the correct team site.

    Hope this helps,

    Scott

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans