locked
What are the authentication/authorization requirements for a user calling CRM web services to modify data? RRS feed

  • Question

  • Like most companies, we do some data integration between systems. Our tool of choice to do this is SSIS.

    We have jobs that read data from other sources (such as the ERP system) and which need to update CRM with the data. The pattern is fairly simple: read from source database, call CRM web services to write the data into CRM.

    However, we have had a few problems with figuring out what the connection string details should be for the CRM web service calls. Specifically, I would like to know what the requirements are for the user being set in the connection string. Even more specifically:

    1) Does it need to be a user in the CRM application? (ie, does a row need to exist in systemuserbase?)
    2) If yes for 1, what are the permissions required by this user in terms of the CRM application in order to give it blanket permission to modify any and all CRM data (it's a system account so it needs to be able to modify anything we choose to integrate)
    3) Does the user need to be a member of the SQLAccessGroup or any other AD groups created by CRM setup?
    4) Anything else I'm missing?

    Cheers!



    • Edited by allmhuran Tuesday, June 9, 2015 5:54 AM typos
    Tuesday, June 9, 2015 5:31 AM

Answers

  • Answering the questions in turn:

    1. Yes
    2. It needs rights on all operations and entities that it may interact with. The only CRM role that has all these is System Administrator, but that is excessive. It'd be better to create a new role and grant all permissions on the entities
    3. No - Crm will do the SQL access 
    4. No

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by allmhuran Wednesday, June 10, 2015 2:18 AM
    Tuesday, June 9, 2015 9:03 AM
    Moderator

All replies

  • Answering the questions in turn:

    1. Yes
    2. It needs rights on all operations and entities that it may interact with. The only CRM role that has all these is System Administrator, but that is excessive. It'd be better to create a new role and grant all permissions on the entities
    3. No - Crm will do the SQL access 
    4. No

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by allmhuran Wednesday, June 10, 2015 2:18 AM
    Tuesday, June 9, 2015 9:03 AM
    Moderator
  • If you are using SSIS, the toolkit from Kingswaysoft can make this process a whole lot simpler.

    http://www.kingswaysoft.com/products/ssis-integration-toolkit-for-microsoft-dynamics-crm

    Tuesday, June 9, 2015 7:23 PM
  • Cheers for the replies.

    A bit of info for anyone else who is doing CRM integration using SSIS: it looks like the issue was not related to anything in CRM as such, but rather the TaskFactory plugin for SSIS. As far as I can see, if you are using 2012 SSIS with project parameters, the task factory component does not behave properly. We kept getting "caller was not authenticated by the service", which prompted my question here. However, when I set the connection manager fields on the deployed package directly (using the same values as provided in the project connection string parameter) the package succeeds.

    But thanks for the confirmation regarding CRM settings all the same, it narrowed the scope of the problem which allowed me to identify this issue with TaskFactory more quickly!
    • Edited by allmhuran Wednesday, June 10, 2015 2:23 AM
    Wednesday, June 10, 2015 2:22 AM
  • For SSIS-based integration check also the commercial COZYROC SSIS+ library. The library includes Dynamics CRM adapters and many other useful SSIS extensions. For testing and development from Visual Studio (BIDS), no license key is required.

    SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

    Saturday, August 8, 2015 8:58 AM