Support Portal ContactGet in touch

Unique Permissions for Document Libraries and Folders as well as Sites

   Words by CRM Consultancy

   on 13/10/2018 13:00:00

image_thumb54Using DocMan, each Entity in Dynamics can be configured with a number of Rules or Maps that define what area in SharePoint should be used or created for each Record in CRM of that Entity.

This is defined in the DocMan Configuration Area as the list of Metadata Entities.

Each Metadata Entity containing the Rules and Configuration for how this Entity will work with SharePoint:

image

Defining the Rules for the Lead Entity in DocMan – to define what should happen in SharePoint for each Lead Record added to Dynamics 365

These Rules fall into the following camps:

  • Site Map Rule – defines which SharePoint Site or Site Collection should be used for this Entity.
    • If left blank, then this takes the Default SharePoint Site defined in Dynamics
  • Parent Map – defines a Parent Entity or Rule in DocMan that should be used to build hierarchy-based rule sets. (so an Opportunity will fit into the existing structure for the Company that the Opportunity relates to)
    • In the above example, looking up to a Parent Map for a specific Documents Library in SharePoint.
  • Bucket Map – defines a Holding Location
    • In the above example, a fixed Folder for ‘Leads’ in the Document Library
  • Dynamic Map – defines the SharePoint Location per CRM Record
    • In the above example, a Folder per Lead based on the Lead’s Fullname

Within these Rules we can also define whether this area in SharePoint uses Inherited Permissions or Unique Permissions – this is typically done at the Dynamic Map Level as the bottom-most location in the hierarchy for Records of this Entity. (a SharePoint Folder per CRM Lead in our example above)

Inherited Permissions are simpler as this simply uses the general permissions in place for the Site, Library or Parent Folder above the record in the hierarchy.

However we often need to define records that have Unique Permissions as defined by their relationships or fields in Dynamics.

To do this we can configure the Rule in DocMan that creates the SharePoint Location with the ‘Inherit Permissions’ flag set to ‘Unique Permissions’.

image

Rule in DocMan defining a New Folder for each Lead Record, using Unique Permissions per Lead

This will configure DocMan to create the new Site, Library or Folder for a Record with a Unique Set of Permissions in SharePoint – where these Unique Permissions will be defined from Dynamics and published into SharePoint.

In this particular example, defining that each Lead Record in Dynamics will create a new Folder in SharePoint with a Unique Set of Permissions from the Parent Document Library or other Folders.

image

Folder in SharePoint that is using Inherited Permissions from the Parent Folder or Document Library in which the Folder resides

image

Folder in SharePoint using Unique Permissions published by DocMan from Dynamics

This combination of selecting what Type of SharePoint Container should be created by DocMan, and whether Inheritance vs Unique Permissions allows us to control a more granular level of security in SharePoint – and so control access to certain Documents or SharePoint Locations based on the Users and Teams in Dynamics 365.

image

Choosing the Type of Location for our Rule

This sets the Security at the Site Level, Document Library / List Level or right down to the Folder Level to make our Security consistent between Dynamics and SharePoint.

image

Managing our SharePoint Security for the Folder within Dynamics – depending on our Rule, this can be the Security for the Site, Library or Folder

Giving us a strong control over the level of security we want between Dynamics and SharePoint.

As stated, Inherited Permissions are simpler for our End Users and generally easier to manage, but this configuration in DocMan gives us the right options for the right scenario.

This article builds on the earlier post for Using DocMan to integrate Security from Dynamics to SharePoint.

Prefer to go old-school?

Write to us using the below addresses.

Head Office
CRM Consultancy
61 Oxford Street
Manchester
M1 6EQ

London Office
CRM Consultancy London
Grosvenor Avenue
London

Content © CRM Consultancy.