CB Dynamics CRM – SharePoint Permissions Replicator
The out-of-the-box integration between Dynamics CRM and SharePoint document storage has a lot of advantages but also some disadvantages. The most significant disadvantage is the absence of permissions integration. Each of those systems has its own security model and there is no out-of-the-box integration between them. This undesirable behaviour causes serious security issues in many companies.
The CRM SharePoint Permissions Replicator product solves this problem easily:
- Replicates CRM permissions on item, file, folder, list, document library or even a SharePoint site
- Supports client based integration (IFrame, crmlistcomponent)
- Supports server based integration
- Event-based service
- Provided as a cloud service (no need to install)
2. How Does It Work
The CRM SharePoint Permissions Replicator consists of 3 basic components:
- Connecting Software SaaS Portal (https://saas.connecting-software.com/)
- CRM SharePoint Permissions Replicator cloud service
- CRM Solution – CB Replicator
The Connecting Software SaaS Portal takes care of configuration, subscription management and monitoring.
The CRM SharePoint Permissions Replicator cloud service is responsible for running the permissions replication process.
The CRM Solution contains a plugin that registers all the steps that can influence permissions in Dynamics CRM. When one of those steps occurs, the plugin notifies the CRM SharePoint Permissions Replicator service, and the service ensures that the permission is written into SharePoint. This ensures that the rights within the CRM are replicated accordingly to the SharePoint folder(s). There are several ways to change permissions in CRM and this solution covers all of them:
- Security roles
- Teams, access teams and access team templates
- Business unit
- Hierarchy security – manager and position (CRM 2015, 2016 and Online)
This service will break role inheritance and modify security inside SharePoint. We are not responsible for recovering permissions to the initial state. Please test the service in your test environment first and create backups before implementing to the production environment.
We rely on item level security at folder level in SharePoint. Any manual changes to item level security for influenced document libraries (sharing, etc.) can interfere with our service and may lead to inconsistent behavior or service malfunction.
3. System Requirements
- Internet access to our portal (https://saas.connecting-software.com/)
- Single CRM user – System Administrator (login and password)
- Single SharePoint user – Site collection administrator (login and password)
- Dynamics CRM and SharePoint must be accessible outside your network (Microsoft Azure Cloud)
- Properly configured document management between CRM and SharePoint
- Properly working Microsoft Dynamics CRM Sandbox Processing Service in on-premises Dynamics CRM (our solution contains a CRM plugin running in sandbox isolation mode)
To purchase the CRM SharePoint Permissions Replicator product, visit our webpage @ www.connecting-software.com and choose “CRM SharePoint Permissions Replicator” from the products menu as shown below in figure 1.
Figure 1: Connecting Software Home Page
From the “CRM SharePoint Permissions Replicator” product page shown below in figure 2, click the pricing tab to view the pricing page with the available purchase plans as shown in figure 3.
Figure 2: CRM SharePoint Permissions Replicator
Click “SaaS Free Trial” to get your free trial to test the product first or you could purchase a paid subscription as shown below in figure 3 by clicking “Buy Now”.
Figure 3: CRM SharePoint Permissions Replicator Pricing Page
Click “Add to Cart” to add the product to your cart.
Figure 4: CRM SharePoint Permissions Replicator Free Trial
Complete your purchase profile and place your order by clicking the “Place Order” button.
Figure 5: Ordering CRM SharePoint Permissions Replicator
You will see an order confirmation on the screen.
Figure 6: CRM SharePoint Permissions Replicator Order Confirmation
You will get 2 emails from us: an order confirmation email and a guidelines email.
Figure 7: Order confirmation and guidelines emails.
Click the link pointing to our SaaS portal from step 1 to access your SaaS portal and configure your “CRM SharePoint Permissions Replicator”
5. Login to your SaaS Portal Account
After clicking the link shown before in figure 7 pointing to our SaaS portal https://saas.connecting-software.com/, you need to log in to your SaaS portal account if you already have one, or create a new one.
Now, you need to create a new configuration for Dynamics CRM organization and SharePoint site collection.
The following chapter describes the configuration process of CRM SharePoint Permissions Replicator.
A single configuration means replication of the permissions of a single Dynamics CRM organization to a single SharePoint site. You can create multiple configurations like this.
6.1. Create a configuration
To create a new configuration, please click “Configuration -> CRM SharePoint Permissions Replicator” then click “Create New”.
Figure 9: Configuration Page
From the configuration screen shown below in Figure 10, you need to put a meaningful name for your configuration and configure credentials for your Dynamics CRM and SharePoint. To make sure that you have entered proper credentials you can use the ‘Test connection’ button below each connection.
For Dynamics CRM you need a single user, let’s call him “service user”. It needs to be the system administrator within your Dynamics CRM. To configure CRM you need to pass the following parameters:
- Organization URL – The URL of your Dynamics CRM Organization Service. It can be found in your Dynamics CRM: Settings -> Customizations -> Developer Resources.
- User – The Dynamics CRM user with the System Administrator role.
- Password – The password of the Dynamics CRM user.
For SharePoint you need a single user that is site collection administrator, let’s call him “service user”. To configure SharePoint you need to pass the following parameters:
- Site Collection URL – The URL of your SharePoint site collection.
- User – The SharePoint user. Site Collection Administrator is required.
- Password – The password of the SharePoint user.
Figure 10: New Configuration
After filling all the fields press the “Create” button shown above to create a new configuration.
6.2 Activate a configuration
To start the permission replicator you need to activate the configuration via the activation code received after purchasing the service from the shop (https://www.connecting-software.com/dynamics-crm-sharepoint-permissions-replicator-pricing/). If you have the code, then you can do that straight away by clicking the link “activate code now”.
Figure 11: New Configuration Created
Type the activation code in the Service Activation window shown below in figure 12. The activation code has the following format: f305ca9c-4ee6-448c-8f34-aa9cacdbf307.
Figure 12: Service Activation Window
After a successful activation you can close the service activation dialog.
Figure 13: Code Activation
Additional activation codes could also be activated/extended for any configuration at any time by expanding the burger menu icon next to that configuration and clicking “Activate service” as shown below in figure 14.
Figure 14: Activate/Extend a Configuration
6.3 User mapping
The service provides an out-of-the-box automated algorithm to match (map) users between Dynamics CRM and SharePoint. The algorithm uses the login name to match users, so it is important that the linked Dynamics CRM and SharePoint are connected to the same Active Directory domain or Office365 organization.
You can view/edit the user mapping by expanding the burger menu icon next to any configuration and choosing the “User mapping” option as shown below in Figure 15.
Figure 15: User Mapping Option
In the top box you can see the number of CRM SharePoint Permission Replicator user licenses required for your Dynamics CRM organization.
Figure 16: User Mapping Screen
User mapping mode specifies whether the custom mapping is appended to the predefined mapping, Automatic (append), or fully replaces the predefined mapping, Manual (replace). It can be changed by clicking the Change button.
The Custom mapping column identifies whether the mapping is user-defined.
The Mapped column identifies whether the CRM user has a corresponding principal in SharePoint.
– the user is mapped (automated mapping or custom)
– the user has not been mapped
– the user has been blocked from automated mapping (otherwise he would be mapped)
When a user is not mapped or you want to modify the mapping, click Edit. On the next page, select (check) the target SharePoint principal(s) to be mapped.
Block will exclude selected user(s) from custom mapping. The user(s) will not be mapped automatically.
Delete will delete selected custom mapping.
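The login-name matching described in this section can be rehearsed before starting the service. The following is an added example, not part of the product or its documentation: it predicts which CRM users would be left unmapped, assuming matching is a case-insensitive comparison of login names once SharePoint's claims prefix is stripped. The normalization rule and all sample accounts are assumptions constructed for illustration.

```python
import re

# SharePoint stores logins in claims form, e.g. "i:0#.f|membership|user@org"
# or "i:0#.w|domain\user"; this pattern removes that prefix.
CLAIMS_PREFIX = re.compile(r"^i:0[#\w.]*\|(?:[^|]*\|)?", re.IGNORECASE)


def login_key(login):
    """Comparison key: claims prefix stripped, lower-cased (assumed rule)."""
    return CLAIMS_PREFIX.sub("", login.strip()).lower()


def preflight(crm_logins, sp_logins, blocked=()):
    """Predict the outcome of a login-name match for every CRM user."""
    sp_index = {login_key(sp): sp for sp in sp_logins}
    blocked_keys = {login_key(b) for b in blocked}
    report = {"mapped": {}, "unmapped": [], "blocked": []}
    for crm in crm_logins:
        key = login_key(crm)
        if key in blocked_keys:
            report["blocked"].append(crm)        # excluded by an administrator
        elif key in sp_index:
            report["mapped"][crm] = sp_index[key]
        else:
            report["unmapped"].append(crm)       # needs a custom mapping
    return report


# Constructed sample exports; none of these accounts come from the product.
CRM_USERS = ["alice@contoso.com", "CONTOSO\\bob",
             "carol@contoso.com", "dave@fabrikam.com"]
SP_PRINCIPALS = ["i:0#.f|membership|Alice@contoso.com",
                 "i:0#.w|contoso\\bob",
                 "i:0#.f|membership|carol@contoso.com"]
BLOCKED = ["carol@contoso.com"]

if __name__ == "__main__":
    for outcome, users in preflight(CRM_USERS, SP_PRINCIPALS, BLOCKED).items():
        print(outcome, users)
```

Here dave@fabrikam.com comes back unmapped because no SharePoint principal shares his login, which is the situation the same-domain requirement above is meant to prevent.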
6.4 Permissions mapping
The Dynamics CRM and SharePoint security models differ, so a mapping between them is required. The CB Replicator automatically creates dedicated permission levels in the target SharePoint. The application has a preconfigured mapping between Dynamics CRM and SharePoint that should be suitable for most deployments.
| CRM Access Right | SharePoint Permissions Level | SharePoint Permissions |
|---|---|---|
| ReadAccess | cbreplicator_crm_ReadAccess | ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, BrowseDirectories, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts |
| WriteAccess | cbreplicator_crm_WriteAccess | AddListItems, EditListItems, DeleteListItems, DeleteVersions |
In the current version it is not possible to modify the “Permission mapping”. The permission mapping can be configured also per entity. To view/edit the permission mapping of a particular configuration, expand the burger menu icon next to it and choose the “Permission mapping” option as shown below in Figure 17.
Figure 17: Permission Mapping Option
The Is custom column identifies whether the mapping is default or custom (user-defined). The Entity filter restricts the entities that are affected by the mapping – the global mapping for the specific CRM access right is overridden in this case. The CRM access right and SharePoint privilege level columns are explained below.
Permission mapping mode specifies whether the custom mapping is appended to the predefined mapping, Automatic (append), or fully replaces the predefined mapping, Manual (replace). It can be changed by clicking the Change button.
Figure 18: Permissions Mapping Screen
To create a new custom mapping, click the Create New button. Choose the appropriate CRM access right, SharePoint permission level and, if needed, an Entity filter. Click Save and Close.
To modify an existing custom mapping, click Edit.
To remove an existing custom mapping, click Delete.
- CRM Access Right – CRM access right name. Accepted values are: AppendAccess, AppendToAccess, AssignAccess, CreateAccess, DeleteAccess, ReadAccess, ShareAccess, WriteAccess.
- SharePoint Permission Level – SharePoint permission level.
- Entity filter – Logical name of the CRM entity. This attribute is used when you want to override the global mapping of a specific CRM access right for a specific CRM entity.
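Because the service relies on folder-level security and manual sharing can interfere with it, it is useful to compare what the mapping in this section should produce with what a folder actually carries. The following is an added example, not the product's code: it resolves expected permission levels from the default table plus custom rows, then diffs them against exported folder role assignments. The precedence rules, the `example_` level names and all sample principals are assumptions constructed for illustration.

```python
# Default mapping from the table above: CRM access right -> permission level.
DEFAULT_MAPPING = {
    "ReadAccess": "cbreplicator_crm_ReadAccess",
    "WriteAccess": "cbreplicator_crm_WriteAccess",
}


def resolve_levels(rights, entity, custom=(), mode="append"):
    """Permission levels expected for a set of CRM access rights on one entity.

    custom rows are (crm_right, sp_level, entity_filter or None). Assumed
    semantics: "replace" drops DEFAULT_MAPPING; a row whose entity filter
    matches overrides the global row for the same right.
    """
    table = {} if mode == "replace" else dict(DEFAULT_MAPPING)
    for right, level, flt in custom:      # global custom rows
        if flt is None:
            table[right] = level
    for right, level, flt in custom:      # entity-specific rows win
        if flt == entity:
            table[right] = level
    return {table[r] for r in rights if r in table}


def folder_drift(expected, actual):
    """Diff expected {principal: levels} against a folder's exported assignments."""
    drift = {}
    for who in sorted(set(expected) | set(actual)):
        want, have = expected.get(who, set()), actual.get(who, set())
        if want != have:
            drift[who] = {"missing": sorted(want - have),
                          "unexpected": sorted(have - want)}
    return drift


# Constructed sample data; level names starting with "example_" are made up.
CUSTOM = [("DeleteAccess", "example_DeleteLevel", None),
          ("ReadAccess", "example_QuoteRead", "quote")]
EXPECTED = {
    "alice": resolve_levels({"ReadAccess", "WriteAccess"}, "account", CUSTOM),
    "bob": resolve_levels({"ReadAccess"}, "account", CUSTOM),
}
ACTUAL = {  # folder export in which bob and Everyone were shared manually
    "alice": {"cbreplicator_crm_ReadAccess", "cbreplicator_crm_WriteAccess"},
    "bob": {"cbreplicator_crm_ReadAccess", "Contribute"},
    "Everyone": {"Read"},
}

if __name__ == "__main__":
    for who, diff in folder_drift(EXPECTED, ACTUAL).items():
        print(who, diff)
```

Any principal reported with an unexpected level was granted access outside the replicated mapping and is worth reviewing before the next replication run.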
6.5 Start / Stop a configuration
After creating a replication configuration, you can start the replication process using the Start and Stop buttons. The current status of the service is shown under the Status column.
There could be a delay before the permissions are replicated to SharePoint as the “CRM SharePoint Permissions Replicator” is relying on service queues for its execution.
The replication process status could be one of the following:
- Starting: The replication process is starting. This is an intermediate state after clicking the “Start” button.
- Started: The replication process is running. The Dynamics CRM permissions are being replicated into SharePoint.
- Stopping: The replication is stopping. This is an intermediate state between Started and Stopped after clicking the “Stop” button.
- Stopped: The replication process is stopped. Dynamics CRM permissions are NOT being replicated into SharePoint. You are able to edit/delete the configuration.
Figure 19: Starting the Service
Figure 20: Stopping the Service
6.6 View / Edit a configuration
An existing configuration can be modified by expanding the burger menu icon next to it and choosing “Edit configuration” option.
Figure 21: Edit configuration Option
The configuration edit screen has the same settings as the new configuration screen shown earlier in figure 10. To save your changes, click the “Save” button as shown below in Figure 22.
Figure 22: Configuration Edit Screen
6.7 Delete a configuration
An existing configuration could be deleted by expanding the burger menu icon next to it and choosing the ‘Delete’ option.
Figure 23: Configuration Delete Option
By clicking the ‘Delete’ button the configuration will be permanently deleted.
Figure 24: Configuration Delete Confirmation Screen
Note: Deleting a configuration permanently deletes it together with all activated subscriptions (even paid ones). These subscriptions are not transferable to other configurations.
7. Navigating the Dashboard
After having an active configuration, this configuration can be accessed through the SaaS Configuration menu or through the SaaS Dashboard:
Figure 25 – CRM SharePoint Permissions Replicator on Dashboard
In the Dashboard you will find quick links (1) as well as your configurations (2). Keep in mind that by clicking ‘Go to Configuration’ (3) you will be redirected to configuration page (refer to section View Configurations).
Each configuration has information about number of subscriptions and users:
Figure 26: CRM SharePoint Permissions Replicator Service Information
- Service icon/name
- Name of your configuration
- Link to the Configuration’s list page (where you can start/stop the configuration)
- Number of available subscriptions (both active and future)
- Number of users
Clicking anywhere on the configuration box (2) will redirect you to a section where you can see more information about the service such as subscriptions, batteries and available traffic.
7.1 Valid Subscriptions
Scrolling down to the next section, you can find all active and future subscriptions. For each subscription a monthly traffic graphic can be seen as well as other important information.
Figure 27: Valid Subscriptions
Expanding a subscription, you could see useful information, like validation period and monthly traffic used/remaining.
Figure 28: Subscription Details
- Subscription’s validation date
- The day the subscription was activated
- Subscription plan
- Number of users
- The activation code
7.2 Other Information
In the last section, you can find all subscriptions that are already expired.
Figure 29: Other Information
8. Activity log
The activity log allows you to browse the history of activities that were performed by the “CRM SharePoint Permissions Replicator” for a particular configuration. The activity log can be shown by clicking the “Activity log” button for that configuration as shown in Figure 30 below.
Figure 30: Activity Log Option
Figure 31: Activity Log Details
From the activity log view shown above in Figure 31, you can browse older logs, filter by specific log types (1), navigate to older pages (2) and search for specific text (3).
The following log types are produced:
- Debug: Internal information that can be used for troubleshooting.
- Info: General information from the CB Replicator service.
- Warn: Warning messages
- Error: Error messages
- Event: Events received from CRM
- Permission Write: Permissions written to SharePoint.
In this document we described how to configure and run the CRM SharePoint Permissions Replicator. Should you need any assistance or have further questions, please contact the support team of CRM SharePoint Permissions Replicator at our email address firstname.lastname@example.org or via the support form https://saas.connecting-software.com/Support/Create . We will get back to you as soon as we can.