i want to know the purpose of these dynamics CRM tables as i am trying to understand the internals of the dynamics CRM security model.
The following is a great article that's going to help you to understand how the security model works:
CRM Security Model Internals
In this post I’ll describe some of the CRM Security Model internals. I’ll describe how roles and privileges are used under the covers, how security is enforced for different operations, and some of the internal structures that make it possible.
Related
I would like to be able to supply external users (customers, potential leads, suppliers) across organisations and internal users inside my organisation with documents.
The documents should be organisable per user individually. E.g. Customer A should be able too see documents for the product he bought, not more and not less documents.
No further functionality is currently needed besides that.
Is SharePoint the right tool for that job?
If not what other tools can you recommend from your experience?
I see you tagged SharePoint 2019, I'd advise against using on-prem SharePoint for Sharing documents externally. It is possible, but to do it securely is complex and expensive.
O365 on the other hand is pretty simple and the security is already implemented for you. You can determine the level of access that your external users have and you can extend that by using additional tools provided by Microsoft Information Protection.
You can secure access by forcing guests to login or simply have anonymous links. To add to that you can automate your publishing processes using Power Automate, the O365 workflow.
Take out a trial subscription and make sure it meets all your requirements first.
I'm developing a document management based on the crm sharepoint integrations at the moment. It is realy a nice way to take advantage of the sharepoint document capabilities inside crm 2011.
BUT!:
I see a huge drawback with this attempt, because the sharepoint security model differs from the crm security model. This way, even if a user has no acces to a account entity, for example, it is possible for him to go to the sharepoint site and look at the documents of this entity, because he got permissions on the list for his own account entities.
Why the heck there is no thread about this big security problem? Is there maybe a simple solution to get around this problem?
I hope someone is able to help me.
Best regards,
Gerrit
There exists a commercial out-of-the-box solution solving this problem from Connection Software company (http://connecting-software.com/index.php/en/solutions/products/cb-dynamics-crm-privileges-to-sharepoint-permissions-replicator).
Basically they deploy tiny plugin into CRM that collects all the event that can possibly require change of permissions. There is a extra service that is processing these events and writes folder-level permissions into SharePoint accordingly.
Eugh. Sharepoint.
In my opinion there is no easy way around this and there are other problems with the way it integrates.
I was on a project where we discussed options around this very issue but was moved on before we came to a conclusion.
My suggestion was to use the Sharepoint Security APIs to assign permissions on SP based on roles/events in CRM. All users start with no permissions in SP.
e.g.
User is assigned as owner in CRM - use plugin to call SP API to give permissions to that specific folder. Previous owner has permissions removed.
Opportunity is created. Use SP security API to give permissions to owner of Opportunity to the folder associated with the opportunity.
And etc etc and so on.
It isn't too pretty and depending on requirements could become particular pain to maintain and test, but I didn't see many other options.
But there are plenty of problems with SP integration I think I was lucky that I was moved on to another project!
I need to enhance MS CRM Role based security model with more criteria to filter on. I.e. in addition to Business Unit access level, I need to add location access level, team access level and some other access layers based on custom entities.
I brushed through internet and MS CRM 2011 SDK but haven't found an example, how I can enhance Role based security model. Is it possible?
If it is, can you point me on example how I can achieve this?
In CRM 2011 you have more options in security model:
You have the concept of teams, that can have users from different BUs
You have security-field, to enhance the security for a field
See here resume of all options in CRM 2011. See also this article.
Another option you have is using Javascript to add more criteria:
http://www.powerobjects.com/blog/2011/10/20/how-to-hide-a-button-on-the-ribbon-in-dynamics-crm-2011/
http://blogs.infinite-x.net/2010/11/16/retreiving-user-roles-in-crm-2011/
http://crmdm.blogspot.pt/2011/03/how-to-hide-show-tab-in-crm-2011-using.html
http://crmdm.blogspot.pt/2011/02/how-to-hide-control-in-ms-crm-2011.html
I have integrated our SharePoint site and our Dynamics CRM 2011 system so that we can upload documents from CRM. But i had a thought that through security in CRM users can only see records relevant to them, but if they just went to the SharePoint site they'll be able to see documents related to any record even if they couldn't see it in CRM.
So i was wondering if its possible in some way to 'sync' the security from CRM into SharePoint so that users can't see what they're not meant to in either system.
Thanks
It is possible out-of-the-box. There is a commercial CB Replicator solution that solves exactly this problem. It performs complex mapping of CRM security model into SharePoint groups and and folder level permissions.
Shortly described it deploys tiny plugin into CRM that collects all the events that could require change of permissions. There is a standalone service that gets these events and write proper permissions into SharePoint as item level permissions on referenced folders by sharepointdocumentlocation entity.
It support various action in CRM that lead into permissions change, e.g.s security roles, business unit hierarchy, privilege depths, team membership, access team, access team templates, sharing.
Unfortunately this isn't possible out of the box. SharePoint's security model is usually based on AD groups, whilst CRM uses in-app security roles applied per user.
To keep these in sync would require some custom development on the server side, that is if it's possible at all.
I have integrated our application with Microsoft Dynamic GP. If any of the user in Dynamics GP has updated any customer/vendor/other, then we need to update those data in our application.
How can we achieve this?
There are many ways you could do this, but the three that immediately come to mind are:
Add your own triggers to the Dynamics GP tables that you're interested in. Make sure you test them well (so that they don't break GP), and that you script them out, since upgrades to GP might result in (or require) their removal and subsequent re-deployment.
Use Microsoft eConnect for Dynamics GP (http://msdn.microsoft.com/en-us/library/aa973830.aspx), and leverage its Transaction Requester Service (http://msdn.microsoft.com/en-us/library/aa973839.aspx). [I'm a Microsoft partner, and I consult on these products, but I'm not otherwise affiliated with Microsoft.]
Use a third-party app like SmartConnect from eOne Business Solution (http://www.eonesolutions.com.au/content.aspx?page=SmartConnect), which leverages the eConnect runtime, and which provides a toolset that simplifies the creation and management of integrations with Dynamics GP, including real-time integrations. [I'm not affiliated with eOne - just a fan of SmartConnect.]