Partner Stories

Dynamics 365 CRM SharePoint Integration: Permissions & Document Security Explained

Published by Inogic

Organizations using Dynamics 365 and SharePoint often assume that document access in SharePoint automatically follows Dynamics 365 security roles. In reality, this is not how the integration works.

As a result, users may see documents in SharePoint even when they no longer have access to the related CRM record. This creates security gaps, compliance risks, and manual work for IT teams.

This article explains:

  • Why do Dynamics 365 security roles do not sync with SharePoint by default
  • The risks of relying on native integration
  • And the correct way to keep SharePoint document permissions aligned with Dynamics 365 security

How Dynamics 365 Security Roles Work

Dynamics 365 uses a role-based security model to control who can access data.

A security role in Dynamics 365 defines:

  • Which entities a user can access (Accounts, Opportunities, Cases, etc.)
  • What actions they can perform (Read, Create, Write, Delete, Append)
  • The scope of access (User-level, Business Unit, Parent-Child, or Organization)

Access can be granted in two ways:

  • Directly to users
  • Through teams

Most importantly, Dynamics 365 security is record-aware.
A user may have access to one Opportunity but not another, based on ownership, teams, or hierarchy.

How SharePoint Permissions Work

SharePoint uses a folder and file-based permission model.

Permissions are applied at:

  • Site level
  • Document library level
  • Folder level
  • File level

SharePoint relies on permission inheritance, where folders and files inherit access from their parent unless explicitly changed.

The Key Problem

SharePoint does not understand:

  • Dynamics 365 security roles
  • Record ownership
  • Team membership
  • Business unit hierarchy

So when a document is stored in SharePoint, it is secured only by SharePoint rules, not by CRM rules.

Why Native Dynamics 365–SharePoint Integration Does Not Sync Security

Microsoft’s native integration does one thing well:

  • It links Dynamics 365 records to SharePoint folders for document storage

However, it does not:

  • Sync Dynamics 365 security roles to SharePoint
  • Apply record-level access rules to documents
  • Update SharePoint permissions when CRM access changes

Real-World Example

  • An Opportunity is reassigned to another salesperson
  • CRM access updates immediately
  • SharePoint folder permissions remain unchanged

The previous owner may still see confidential documents.

Common Workarounds Teams Try (and Why They Fail)

Many teams try to fix this gap using workarounds, but these approaches don’t scale.

Manual Permission Management

  • Time-consuming
  • Error-prone
  • Breaks when records change ownership

Folder-Level Security

  • Hard to maintain
  • Creates complex permission structures
  • Often leads to overexposure

Power Automate or Custom Code

  • Limited understanding of Dynamics 365 security logic
  • Misses edge cases like team access or hierarchy changes
  • Requires ongoing maintenance

These methods usually solve one scenario, not the full security model.

 

What Proper Security Sync Should Look Like

A reliable security sync solution should:

  • Match SharePoint access to Dynamics 365 record access
  • Automatically update permissions when:
    • Record ownership changes
    • Team membership changes
    • User access is revoked
  • Support both user-based and team-based security
  • Work continuously, not as a one-time sync

This is the standard that organizations should aim for.

How to Sync Dynamics 365 Security Roles with SharePoint Permissions

The correct approach is to use a solution that:

  1. Monitors security access in Dynamics 365 at the record level
  2. Identifies which users and teams can access each record
  3. Applies the same access rules to the related SharePoint folders
  4. Keeps SharePoint permissions updated whenever CRM access changes

This ensures that users see documents only when they are allowed to see the related CRM record.

How SharePoint Security Sync Solves This

SharePoint Security Sync is designed specifically to close the security gap between Dynamics 365 and SharePoint.

It:

  • Automatically replicates Dynamics 365 record security to SharePoint
  • Syncs permissions for:
    • Record owners
    • Teams
    • Users with role-based access
  • Continuously updates SharePoint permissions when CRM access changes
  • Eliminates the need for manual permission handling
  • Works without custom development

As a result, SharePoint document access always stays aligned with Dynamics 365 security rules.

Image removed.

Common Use Cases

Securing Sales Documents

Ensure Opportunity and Account documents are visible only to the correct sales team.

Protecting Support Case Files

Restrict Case-related documents to assigned agents and support teams.

Managing Multi-Team Access

Allow multiple teams to collaborate without duplicating folders or breaking security.

Preventing Data Leakage

Remove document access immediately when a user loses CRM access.

Security, Compliance, and Governance Benefits

By syncing security correctly:

  • Sensitive documents are protected
  • Audit and compliance requirements are easier to meet
  • IT teams reduce manual intervention
  • Governance remains consistent across Dynamics 365 and SharePoint

This is especially important for organizations handling confidential customer or financial data.

Key Takeaways

  • Dynamics 365 security roles do not control SharePoint permissions by default
  • Native integration links documents but does not secure them
  • Manual and custom solutions don’t scale
  • Automated security sync is the only sustainable way to align CRM and SharePoint document access

If you want to secure your SharePoint document access then can try SharePoint Security Sync from our website or Microsoft Marketplace. Install now to get a 15-day free trial.

Frequently Asked Questions (FAQs)

Dynamics 365 SharePoint integration – what about permissions?

Dynamics 365 SharePoint integration links CRM records to SharePoint folders, but it does not automatically sync Dynamics 365 security roles with SharePoint permissions. SharePoint access must be managed separately unless an additional security sync solution is used.

Can Dynamics 365 permissions be synced to SharePoint folders?

By default, Dynamics 365 permissions are not synced to SharePoint folders. While basic access can be managed manually or through custom workflows, syncing record-level Dynamics 365 permissions to SharePoint folders requires a dedicated automation or third-party solution.

Why can users see SharePoint documents they don’t have access to in Dynamics 365?

This happens because SharePoint permissions are independent of Dynamics 365 record security. Even if a user loses access to a CRM record, they may still retain access to the linked SharePoint folder unless permissions are updated separately.

Does Dynamics 365 control SharePoint document security?

No. Dynamics 365 controls access to CRM records, while SharePoint controls access to documents. The native integration connects the two but does not enforce CRM security rules on SharePoint files.

Is record-level SharePoint security possible with Dynamics 365?

Yes, but not with the out-of-the-box integration alone. Record-level SharePoint security requires a solution that can read Dynamics 365 record access and apply the same permissions to SharePoint folders and files.

Dynamics 365 Dynamics CRM