Syncing CRM 2011 and SharePoint Security

4
votes

I have integrated our SharePoint site and our Dynamics CRM 2011 system so that we can upload documents from CRM. But i had a thought that through security in CRM users can only see records relevant to them, but if they just went to the SharePoint site they'll be able to see documents related to any record even if they couldn't see it in CRM.

So i was wondering if its possible in some way to 'sync' the security from CRM into SharePoint so that users can't see what they're not meant to in either system.

Thanks

2
securitysharepoint-2010synchronizationdynamics-crm-2011

2 Answers

5
votes

It is possible out-of-the-box. There is a commercial CB Replicator solution that solves exactly this problem. It performs complex mapping of CRM security model into SharePoint groups and and folder level permissions.

Shortly described it deploys tiny plugin into CRM that collects all the events that could require change of permissions. There is a standalone service that gets these events and write proper permissions into SharePoint as item level permissions on referenced folders by sharepointdocumentlocation entity.

It support various action in CRM that lead into permissions change, e.g.s security roles, business unit hierarchy, privilege depths, team membership, access team, access team templates, sharing.

2
votes

Unfortunately this isn't possible out of the box. SharePoint's security model is usually based on AD groups, whilst CRM uses in-app security roles applied per user.

To keep these in sync would require some custom development on the server side, that is if it's possible at all.