Initially or ‘out-of-the-box’ the security model in Dynamics and Power Apps has no synchronisation with the security model in SharePoint.
This means that without integration any security rules we configure in Dynamics or Power Apps will need to be manually configured in SharePoint to ensure both systems share the same access levels. (or we run the risk of Documents being available to Users who should not have access to them)
DocDrive solves this problem by integrating security from Dynamics and Power Apps into SharePoint.
At one level this means that we can pass the Users connected with a record in Power Apps into SharePoint so the User or Users with access in Power Apps have their access mirrored with SharePoint:
This is often implemented for the core Owner field in Power Apps as every record in Dynamics or Power Apps typically has an Owner.
Setting the Owner here in Dynamics will then reflect in SharePoint:
But this approach to the shared security is very User Specific and so can be difficult to govern.
The way we manage this better is by using Teams in Power Apps mirrored with Security Groups in SharePoint.
So if take the same example above but instead of having the record owned by a User, we assign the record to a Team, this then grants everyone in that Team access to the Record in Power Apps and similarly grants everyone in that Team access to the Documents Location in SharePoint.
When we then add or remove Users to this Team in Power Apps - this is immediately synchronized to the Group in SharePoint.
Our Team in Dynamics – we can add or remove Members here as we do for any other Team.
The changes are then immediately available in SharePoint – and so applied to any of the Sites, Libraries or Folders that are using this Team for their Security
This means that any changes to our Teams automatically and immediately grant or remove access to the relevant records and documents - without having a large volume of User Specific permissions to manage as this can make Joiners and Leavers difficult for governance.
Using the Teams and Groups approach here - we can simply add or remove users to the Teams and the Team then set their permissions.
Each Business Unit in Power Apps and Dynamics has a default Team that encompasses all the Users in that Business Unit - and this auto Team can be useful to help set security for that Unit.
This is then available to us in SharePoint to see the Documents restricted to Users in that Business Unit + the 2nd Team we have added here via a Custom Field:
As users will be automatically added and removed from the Business Unit Team as they are added or removed from the Business Unit – this can be a quick and easy way of ensuring both systems security is kept in synch.
Particularly as we can setup Workflow in Dynamics / Power Apps to automatically tag each Record owned by a User as being available to all the other Users in the same Business Unit as a simple ‘I can access information in my Business Unit but not others’ security model.
When combined with other potential Access Teams – this can start constructing a Business Unit Security Model that is applied to both Dynamics and SharePoint consistently, plus, give us a method for allowing confidential access or super users to access Records and Documents across different Business Units if we have a layer of high-access or super users.
This area of joining up Dynamics and SharePoint security is a key feature of DocDrive and we can take a deeper look at how this is done in the next article in this series here: