To demonstrate the security flaw in the out-of-the-box SharePoint integration, I made a copy of the Customer Service Representative security role in CRM and restricted access on the account entity to user level.
I then created a user called Demo1 with this role, and when I logged on as Demo1, as expected, I could only view and update account records that the user Demo1 owns.
The security issue arises if I select “Open Location”, which will open the SharePoint site directly in the browser. From here I can browse and access all folders and documents for Accounts I cannot access in CRM. So while Dynamics CRM and SharePoint are integrated, the security models are not, and this can be a concern for many organizations.
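The gap described above can be checked for by comparing who can read each account folder in SharePoint with who can access the matching account in CRM. The sketch below is an added example, not part of the original post or of any product mentioned in it. All data is constructed, and it assumes that account folders inherit the document library's permissions unless a folder has been given its own permissions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Folder:
    account: str                 # CRM account the SharePoint folder belongs to
    unique_acl: Optional[set]    # None = inherits the document library's ACL

# Constructed CRM state: account -> users who can access the record.
# Demo1 has user-level access (owned records only); Admin sees everything.
CRM_ACCESS = {
    "Adventure Works": {"Demo1", "Admin"},
    "A-Datum": {"Admin"},
}

# Assumption: the document library grants access to every CRM user.
LIBRARY_ACL = {"Demo1", "Admin"}

def effective_readers(folder, library_acl):
    """A folder uses the library ACL unless inheritance has been broken."""
    return library_acl if folder.unique_acl is None else folder.unique_acl

def audit(folders, crm_access, library_acl):
    """Return sorted (user, account, source) for access CRM would not grant."""
    findings = []
    for folder in folders:
        allowed = crm_access.get(folder.account, set())
        source = "inherited" if folder.unique_acl is None else "unique ACL"
        for user in effective_readers(folder, library_acl) - allowed:
            findings.append((user, folder.account, source))
    return sorted(findings)

# Constructed folder states: default integration vs. per-folder permissions
# that mirror CRM access.
OUT_OF_BOX = [Folder("Adventure Works", None), Folder("A-Datum", None)]
REPLICATED = [
    Folder("Adventure Works", {"Demo1", "Admin"}),
    Folder("A-Datum", {"Admin"}),
]

if __name__ == "__main__":
    for label, folders in (("out of the box", OUT_OF_BOX),
                           ("mirrored permissions", REPLICATED)):
        print(label, audit(folders, CRM_ACCESS, LIBRARY_ACL))
```

An empty result means no SharePoint folder is readable by a user who lacks access to the corresponding CRM record.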
I recently came across a product called “Permissions Replicator” from Connecting Software which solves this problem. Once you install the “Permission Replicator”, you use the replication controller Wizard to set up the synchronization between your CRM and SharePoint environments by entering their server details and credentials.
Once synchronization starts, you can view from the log what SharePoint rights are being applied. You can see from the example below that the Demo1 user is given rights to the Adventure Works folder on the SharePoint site but not the A-Datum account, and now when I log on as the Demo1 user I can no longer browse in SharePoint to the folders for accounts I do not have access to in CRM.
You need to consider where to install the CB Replicator, as it has two services that need to run continuously, and you might consider running this on an Azure image.
My initial impression of the CB Replicator is that it is well worth a look if you are concerned about the security integration between CRM and SharePoint.