Dynamics Community Forum Thread Details

Document Management for Dynamics 365 - SharePoint Access Control based on Business Process Flow Stage

Hi All,

We are using Dynamics 365 online in Gov Cloud. We have an Entity with a Business Process Flow that has multiple stages. Each stage is owned by a team (Owner Team) and there are use cases when 2 or more different stages are owned by the same team. For Example, Stage 1 is owned by Team A, Stage 2 is owned by Team B, Stage 3 is Owned by Team A and so on. All our users have a Team Member license and are part of a single team. We use SharePoint Online for Document Management and Versioning. Each Dynamics record has one or more word documents in its SharePoint location, our requirement is when a record is in Stage 1, only Team A should be able to access the document (from Dynamics 365 document grid, directly through SharePoint URL, MS word Application or by any other means).

We are planning to achieve this functionality by dynamically controlling the SharePoint Security, that is, break the security inheritance from the site level and provide the access to users (dynamically) at the folder level based on the Dynamics 365 record stage. But we are facing lots of challenges, here are our questions:

Can we achieve this with a plugin that will trigger on Stage Change and configure the SharePoint Security based on Stage? We are using Dynamics 365 online, we may not be able to use/reference SharePoint dlls. Is it possible to merge dlls and try using "clientContext"? Is this a good solution?
Can we try using Microsoft Power Automate(Flow) - CDS Update trigger? Will Flow be able to break SharePoint inheritance? The users who move moves the records to Next stage has only contributor privileges in the SharePoint (not admins) , should I update a field or something with Admin account (during on change of a Stage) and then trigger the flow? The trigger looks like premium, is there any other free trigger I can use?
Is there a better way to achieve this requirement?

FYI, we don't have Global Admin Privilege/Admin Privileges in our tenant, we are admins of our Dynamics 365 Instances and SharePoint sites. Kindly provide suggestions, any assistance would be greatly appreciated. Thanks in advance!

Santhoop,

My first idea would be to look into a Dynamics 365/Sharepoint security synchronization solution. I believe Connected Software has one that works well, and I would try to marry that solution to Access Teams in Dynamics 365. I would look into Andrew Butenko's Ultimate Workflow Toolkit since I know there is a step in there to add/remove people to teams and that may work for Access Teams.

The idea is that when you reach stage 1, Team A's members will be added to an access team which then be synchronized to Sharepoint security via whatever tool you use for that, and then when the BPF reaches stage 2, then Team B will be added to the team and the solution will sync permissions with Sharepoint and so on and so forth.

Quick Links

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics