Setting Up the Synchronization of Document Central Permissions with SharePoint
Info
This feature is currently not implemented in the product and is therefore not available for use. Please refer to the upcoming features.
With the permissions synchronization feature, it is possible to automatically align the access control of the document library in Document Central with the permissions in SharePoint. This ensures a consistent permission configuration across both systems.
The permissions synchronization integrates with Access Control and User Groups, offering a simplified and familiar setup.
Important
Please note that to fully understand this documentation, familiarity with configuring permissions through User Groups in SharePoint is required. For more details, refer to the official SharePoint documentation.
Important
Permissions can only be synchronized at the Document Library level. Configuring higher levels, such as Content Types, may lead to errors in Document Central due to explicit role assignments in SharePoint.
An app registration is required to use this feature.
How Does the Permissions Synchronization Work?
To synchronize Document Central permissions with SharePoint, Azure and SharePoint resources such as Security Groups and SharePoint permission levels need to be utilized and configured. These resources can then be applied to a Document Library, ensuring that only users within the specified Security Group can access and manage the library.
Connection Between Azure Groups and Document Central Groups
The connection is established through the standard Business Central Security Group integration. A User Group in Document Central is linked to a Security Group in Business Central. By default, the Business Central Security Group is then connected to a corresponding Security Group in Azure.
Info
These security groups will be assigned within SharePoint's permission control settings.
Automatic Synchronization of Users
The users of the Security Groups are automatically synchronized with the configured Security Groups. In the Document Central Module Setup, a field called "Duration Between User Synchronization" is available under the Access Control section. This field specifies the interval between user group synchronizations. Additionally, a field below it displays the timestamp of the last triggered user synchronization.
Each time a Document Central user logs in, the system checks whether the time since the last user synchronization exceeds the configured duration. If it does, a background session is initiated to synchronize the user group members.
Document Central Permission Levels in SharePoint
When setting up permission synchronization, Document Central will create its own permission levels in SharePoint. These permission levels are named "DMS - Read", "DMS - Read Write", and "DMS - Read Write Delete". These permission levels can then be assigned to a group within, for example, a Document Library.
The permission levels affect the permissions of the group as follows:
DMS - Read
- View Items: View items in lists and documents in document libraries.
- Display Source of Items: Display the source of documents with server-side file handlers.
- View Versions: View past versions of a list item or document.
- View Application Pages: View forms, views, and application pages, and enumerate lists.
- View Pages: View pages on the website.
- Open: Allows users to open a website, list, or folder to access items inside.
Info
This permission level represents access control configured with only Read permissions.
DMS - Read Write
- Add Items: Add items to lists and add documents to document libraries.
- Edit Items: Edit items in lists, edit documents in document libraries, and customize web parts in document libraries.
- View Items: View items in lists and documents in document libraries.
- Approve Items: Approve a minor version of a list item or document.
- Open Items: View the source of documents with server-side file handlers.
- View Versions: View past versions of a list item or document.
- View Application Pages: View forms, views, and application pages and enumerate lists.
- View Pages: View pages on the website.
- Open: Allows users to open a website, list, or folder to access items inside.
Info
This permission level represents access control configured with only Read and Write permissions.
DMS - Read Write Delete
- Add Items: Add items to lists and add documents to document libraries.
- Edit Items: Edit items in lists, edit documents in document libraries, and customize web parts in document libraries.
- View Items: View items in lists and documents in document libraries.
- Approve Items: Approve a minor version of a list item or document.
- Open Items: View the source of documents with server-side file handlers.
- View Versions: View past versions of a list item or document.
- Delete Versions: Delete past versions of a list item or document.
- Create Alerts: Create alerts.
- View Application Pages: View forms, views, and application pages and enumerate lists.
- View Pages: View pages on the website.
- Open: Allows users to open a website, list, or folder to access items inside.
Info
This permission level represents access control configured with only Read, Write, and Delete permissions.
Access Control Connection
The Access Control connection is only supported at the Document Library level because SharePoint does not allow permissions to be set for Content Types in the same way as for Document Libraries. If Access Controls are not configured, all Document Central users will have access to the Document Library, as it will inherit permissions from the higher-level structure.
However, when Access Controls are configured, only users within the configured groups will have access to the Document Library. This is achieved by Document Central disabling inheritance for the Document Library and adding all connected Security Groups assigned to the Document Library Access Control directly to SharePoint.
Info
Based on the selected permissions in the Access Controls, the assigned group in SharePoint will receive the corresponding permission level: "DMS - Read", "DMS - Read Write", or "DMS - Read Write Delete".
Info
During the SharePoint creation process, a "Main Group" is created. This Main Group is an Azure Security Group that includes all Document Central users. By default, this Main Group is assigned in SharePoint and grants users the ability to view, delete, and upload all documents. The name of the Main Group will follow the format: "Document Central Users" + Environment Name + Company Name.
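A consistency check for the behaviour described in this section, as an added example that is not part of Document Central or its documentation: it compares the Access Controls of one Document Library with the role assignments found on that library in SharePoint. The input dictionaries, the group names and the function audit_library are assumptions constructed for illustration; how the role assignments are read from SharePoint is left open.

```python
# Added example: audit one Document Library against its Access Control setup.
# Mapping taken from the page: selected permissions -> DMS permission level.
LEVEL_FOR = {
    frozenset({"Read"}): "DMS - Read",
    frozenset({"Read", "Write"}): "DMS - Read Write",
    frozenset({"Read", "Write", "Delete"}): "DMS - Read Write Delete",
}

def audit_library(access_controls, library):
    """Return a sorted list of findings; an empty list means consistent.

    access_controls: {group name: set of permissions selected in Document Central}
    library: {"has_unique_role_assignments": bool,
              "role_assignments": {principal: [permission level names]}}
    Both shapes are hypothetical, chosen for this example.
    """
    findings = []
    assignments = library["role_assignments"]
    if not access_controls:
        # Without Access Controls the library is expected to inherit permissions.
        if library["has_unique_role_assignments"]:
            findings.append("library has unique permissions but no Access Controls")
        return findings
    if not library["has_unique_role_assignments"]:
        findings.append("inheritance is still enabled")
    for group, perms in access_controls.items():
        expected = LEVEL_FOR.get(frozenset(perms))
        if expected is None:
            findings.append(f"{group}: no DMS level for {sorted(perms)}")
        elif group not in assignments:
            findings.append(f"{group}: missing from SharePoint")
        elif assignments[group] != [expected]:
            findings.append(f"{group}: has {assignments[group]}, expected {expected}")
    # Only configured groups should hold access once Access Controls exist.
    for principal in assignments:
        if principal not in access_controls:
            findings.append(f"{principal}: not in Access Controls")
    return sorted(findings)

# Constructed sample data: group names and library state are made up.
ACCESS_CONTROLS = {"DC Finance": {"Read", "Write"}, "DC Auditors": {"Read"}}
LIBRARY = {
    "has_unique_role_assignments": True,
    "role_assignments": {
        "DC Finance": ["DMS - Read Write Delete"],  # broader than configured
        "DC Auditors": ["DMS - Read"],
        "Document Central Users PROD CRONUS": ["DMS - Read Write Delete"],
    },
}

if __name__ == "__main__":
    print("\n".join(audit_library(ACCESS_CONTROLS, LIBRARY)))
```

An empty result means the library matches its Access Controls; each finding names the group or principal to review in SharePoint.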
Setting Up the SharePoint Permission Synchronization Base Resources
The necessary resources can be created either during the creation of a new SharePoint or, for an existing SharePoint, via an action in the User Group Setup section of Document Central. Follow these steps to create the resources:
- Navigate through the Document Central - Administrator role center.
- Click on Setup in the ribbon bar and execute the action User Group.
- Execute the action Create Base Permission (New) in the Security Groups section.
Info
In the module setup, the synchronization of access controls can be either activated or deactivated as per your requirements.
Info
Due to the potential creation of new App Registration permissions, additional authentication steps may be required.
Setting Up the User Groups and Permissions
To synchronize permissions to SharePoint, Security Groups must be created, and Access Controls need to be set up.
Setting Up User Groups
Follow these steps to connect an Azure Security Group to Business Central:
- Navigate through the Document Central - Administrator role center.
- Click on Setup in the ribbon bar and execute the action User Group.
- Execute the action Create User Group in the Security Groups section.
Info
This action will launch a wizard where you can create a new Security Group, use an existing Security Group from Business Central or use a Document Central-only group.
Setting Up the Duration Between User Synchronization
To configure the duration between user synchronizations in Document Central, follow these steps:
- Navigate through the Document Central - Administrator role center.
- Click on Setup in the ribbon bar and execute the action Module Setup.
- Locate the Access Control section within the setup.
- Find the field "Duration Between User Synchronization" and specify the desired time interval.
Setting Up the SharePoint Permissions
To synchronize Access Controls with SharePoint, follow these steps:
- Navigate through the Document Central - Administrator role center.
- Click on Repository in the ribbon bar and execute the action Document Library.
- Select the Document Library on which the permissions should be synchronized.
- Configure your access controls.
- Leave the Access Control page.
Info
Access Controls are automatically synchronized when leaving the User Group page.
Important
For an existing Access Control configuration, you can use an action on the User Group page to synchronize all Access Controls at once.