locked
CRM 2011, SharePoint 2010 and Document Libraries [Security Permissions]

    Question

  • Hi Folks,

    I'm looking for advice please on the following situation:

    We have, for example, 3 business units that each store seperate records and cannot view each others data. We want to integrate SharePoint into the CRM to allow for better indexing, storage and version management of documents.

    The questions I have are:

    • Is there a way of getting each BU to point to a different document library - so sales literature from BU1 goes to sharepoint/documents/bu1 and the same data from BU2 goes into a bu2 folder?
    • What's the best way of securing SharePoint so that people cannot access data they wouldn't be able to access through CRM?
    • If code is the solution would the code be a CRM solution or a SharePoint plugin (or both?) - any examples anywhere that people know of?

    I know it's a lot of asking, but I can't quite get my head around it all - it looks as though CRM and SharePoint link in very closely, but that security is one area that poses a bit of a hole and also an administration headache if it's not planned out properly before implementation!

    All help is gratefully recieved :-)

    Thanks in advance

    Monday, October 31, 2011 1:44 PM

Answers

  • Hi Donna,

    Thanks for the response - I'd seen a couple of the links before but didn't know if anybody had come across a complete integration solution.

    My current thinking, and I've done a little testing around this, is to create custom entities specific to each business unit with the entity having certain fields (e.g. keywords, description, document title etc) and being Doc Library enabled so that a corresponding folder gets created in SharePoint. This then means I can set the Doc Library security permissions and have all child folders inheriting the permissions.

    It's a bit of a sledgehammer solution but seems to do most of what we need - and makes the SharePoint Security aspects a bit easier to manage (although it would still be *really* nice if there was a solution out there for this purpose)

    As I've been thinking, the easiest solution I can think of is to have a cross-reference table in CRM that lists teams and their corresponding Active Directory groups. A plugin then retrieves this list and configures SharePoint Security accordingly (a very basic overview of an idea there but you will hopefully see what I mean) - unfortunately I'm not much of a coder so until I can either a) learn or b) Microsoft implement better all-round integration I think I'm stuck with just trying to keep the extra admin workload to a manageable minimum.

    Cheers,

    Mike

    • Marked as answer by Mike Hartley Monday, November 14, 2011 12:03 PM
    Wednesday, November 2, 2011 11:50 AM

All replies

  • I think this article might help as a starting point.

    1. To customize document library links, you'll need to write some customization
    2. Sharepoint security is separate from CRM security so you'll need to manage Sharepoint security from within Sharepoint.  Since CRM users can only access CRM records they have access to then they will only be able to see the documents related to those records when accessing through CRM
    3. Examples for customized document library

    http://crmconsultancy.wordpress.com/2011/10/23/crm-2011-integration-with-sharepoint-taking-a-deeper-look/

    http://crmconsultancy.wordpress.com/2011/10/27/crm-2011-integration-with-sharepoint-custom-document-management/

    http://blogs.msdn.com/b/emeadcrmsupport/archive/2011/07/05/sharepoint-integration-with-crm-2011.aspx

    I hope this helps.


    Regards, Donna

    Monday, October 31, 2011 3:44 PM
  • Hi Donna,

    Thanks for the response - I'd seen a couple of the links before but didn't know if anybody had come across a complete integration solution.

    My current thinking, and I've done a little testing around this, is to create custom entities specific to each business unit with the entity having certain fields (e.g. keywords, description, document title etc) and being Doc Library enabled so that a corresponding folder gets created in SharePoint. This then means I can set the Doc Library security permissions and have all child folders inheriting the permissions.

    It's a bit of a sledgehammer solution but seems to do most of what we need - and makes the SharePoint Security aspects a bit easier to manage (although it would still be *really* nice if there was a solution out there for this purpose)

    As I've been thinking, the easiest solution I can think of is to have a cross-reference table in CRM that lists teams and their corresponding Active Directory groups. A plugin then retrieves this list and configures SharePoint Security accordingly (a very basic overview of an idea there but you will hopefully see what I mean) - unfortunately I'm not much of a coder so until I can either a) learn or b) Microsoft implement better all-round integration I think I'm stuck with just trying to keep the extra admin workload to a manageable minimum.

    Cheers,

    Mike

    • Marked as answer by Mike Hartley Monday, November 14, 2011 12:03 PM
    Wednesday, November 2, 2011 11:50 AM
  • Hello Donna, you state :"Since CRM users can only access CRM records they have access to then they will only be able to see the documents related to those records when accessing through CRM" -

    but the users can just type in the URL of the document location in the browser and of course have access to all documents - regardless of the crm permissions !!

    Thursday, November 3, 2011 1:56 PM
  • Um, right, and that is why I also stated, "Sharepoint security is separate from CRM security so you'll need to manage Sharepoint security from within Sharepoint"

    The quote you stated is still correct as security applies when a user accesses the document from within CRM.  Copying a pasting a Sharepoint URL is not accessing the document through CRM.  It is accessing it directly through SharePoint.


    Regards, Donna

    Thursday, November 3, 2011 2:01 PM
  • Hi Norbert,

    This is my main concern - and main annoyance. It really would be nice if you could synchronise CRM security with SharePoint Doc Library security as part of the integration.

    The solution I am running with for this is the custom entity option, with document libraries enabled, as I detailed above. It's about the only way I can ease the additional load of SharePoint Administration and keep it fairly simple.

    Monday, November 7, 2011 1:56 PM
  • Dear all,

    Any update on "synchronise CRM security with SharePoint Doc Library security as part of the integration".

    It will be great,if you guys just guide me on this.

    Monday, July 22, 2013 1:07 PM
  • Hello all,

    Currently I'm working as developer on solving this issue. It applies security of whole CRM sec. model: security roles, teams, access teams, sharing and business units.  Unfortunatelly I cannot find any free/commecial solution covering this issue out of the box. There is a possibility to implement some integration on your own service but it could be pain - to develop, to verify secrity and to test or possibly try our solution.

    I know that I should not put commecial stuff here (feel free to remove) but I'm too busy to create a dedicated video without our logos. You can have a look at youtube.com/watch?v=pCZnurm7sLc. I think this is good starting point to undestand the problematics and simly explain how to solution should look like.


    Wednesday, May 21, 2014 8:55 PM
  • Hello,

    the solution has been sucessfully tested and it is working. So far there is no free or paid alternative to our product covering this issue. Check out product page if you are interested (http://connecting-software.com/index.php/en/solutions/products/cb-dynamics-crm-privileges-to-sharepoint-permissions-replicator).

    • Proposed as answer by Tomas Olejnik Monday, June 22, 2015 11:46 AM
    Tuesday, September 23, 2014 11:21 AM