Support Portal ContactGet in touch

Using DocMan to integrate Security from Dynamics to SharePoint

   Words by CRM Consultancy

   on 12/10/2018 13:00:00

imageThe security models in Dynamics and SharePoint work under quite different models, and this means there is no out-of-the-box integration to keep Security for Documents in-sync with Security in CRM.

So we often have a common requirement to bring the two systems together and have a manageable security model between the two.

DocMan enables functionality in Dynamics that allows us to synchronise permissions from CRM and publish to SharePoint, for both Users and also for Teams.

The following article shows how to activate this in Dynamics and DocMan, and then look at next steps in how to make use of this functionality.

Step 1 – Choose the Model of Dynamics to SharePoint Security

We can open the DocMan Config Area in Dynamics and specify how we want security managed between Dynamics and SharePoint – the option we are going to look at in this article is ‘Stakeholders from CRM to SharePoint’ and so we set the Permissions Management dropdown to this option.

image

This will by default activate Security for all Document-Enabled Entities in Dynamics.

However if we want to deactivate security for a particular Entity then we can open the DocMan Config for that Entity and set the ‘Set Permissions’ field to NO – this will then deactivate any security synchronisation for Records of that Entity in Dynamics to the corresponding Document Location in SharePoint.

image.

We can now have Security Synchronisation activated for the Entities we want permissions managed between Dynamics and SharePoint.

By doing this, we will then see a Tabbed Format to our Documents Panel within Dynamics – with the default Tab showing our usual Documents Area, and an additional Tab for ‘Access Team’.

image

Step 2 – Setting Permissions by Building the Project Team

With the config in place we can use the Access Group Tab to set the Users and Teams that form the Project Team for this Record in Dynamics, and so should have relevant permissions to the Documents for this Record in SharePoint.

image

This allows us to define the permissions on a Record by Record basis that are then synchronised to the SharePoint Site for this Record in Dynamics.

image

This is great to a point – but ideally we will want some of our Permissions being set from Fields or Workflow in Dynamics rather than forcing a User or Administrator to manually configure the Permissions for each Record.

For this, the logic in DocMan will automatically set certain Users or Teams into the Panel of Permissions for each Record – by default this focuses on the standard Owner field in Dynamics and ensures the Owner is set as a Contributor in SharePoint.

However the list of Users or Teams that are automatically configured (and so shared to the SharePoint Document Location) is configured by either:

  • Configuring ‘Synch-Fields’ in the DocMan Configuration Area to automatically synchronise certain Lookup Fields as Users or Teams shared into the record.
  • CRM Workflow to automatically define the Stakeholder Records, which DocMan will then synchronise through to SharePoint

This then touches upon several other areas between Dynamics and SharePoint Security which will be the focus of follow-up guides:

  1. Configuring Synch Fields for Automatic Permissions beyond just Owner
  2. Unique Permissions for Document Libraries and Folders as well as Sites
  3. Inherited Permissions vs Unique Permissions

Step 3 – Teams over Users

As we have seen in the Panel above, we can define both Users and Teams that will have access to the Case in CRM and the corresponding Document Location in SharePoint, however Teams is a far stronger way of managing security between the two systems as this requires less maintenance when New Users join the business or Users leave the business.

To manage this side, we can define our Teams in Dynamics and view the Publish-to-SharePoint functionality that DocMan introduces:

image

Here we can add or remove Users to our Team in Dynamics as we would do normally to define a Team.

When done, we can check the PUBLIHS Checkbox that DocMan adds to Dynamics.

This will then publish the Definition of the Team over to SharePoint – defining the Team and so being ready to use in the Sites and Sub-Sites that Dynamics is connected to.

image

Using the Team here then gives us stronger maintainability for how security is shared between Dynamics and SharePoint.

This gives us a useful tool for managing security, however the division of security between Site Collections, Sites and Child Sites then forms a topic all of its own depending on how strict our Security Environment is.

The following article is focused on Content Types and how these can be defined at different levels in the SharePoint hierarchy, but many of the core concepts also relate to Security in how and where our Security Levels are defined.

Where’s my Content Type?

For the moment however we can enable this functionality and begin looking at how this helps us get our Security right between Dynamics and SharePoint, and then look at next steps for more advanced points and automating who is shared on a record or Case.

Find out more about DocMan here

Prefer to go old-school?

Write to us using the below addresses.

Head Office
CRM Consultancy
61 Oxford Street
Manchester
M1 6EQ

London Office
CRM Consultancy London
Grosvenor Avenue
London

Content © CRM Consultancy.