The standard integration between CDS|Dynamics 365 and SharePoint doesn’t offer a way to keep user access in sync between both systems.
For some use cases there is a simple solution for that. In my previous blog post I used an Azure AD mail-enabled security group to provide users access to Dynamics 365 and SharePoint.
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/02/GroupId.png?resize=810%2C344&ssl=1)
This security group is used in a Team in Dynamics 365, and a security role is assigned to the Team. In this way members of the security group get access to Dynamics 365 if/once they are enabled as a user in Dynamics 365.
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/02/GroupAsTeam.png?resize=541%2C236&ssl=1)
In SharePoint the same mail-enabled security group is used to grant access for the same users. In the ‘Grant access to an item or a folder’ action a mail-enabled security group (or Office 365 group) can be added as a recipient. For example, to grant access to a Shared folder:
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/02/GrantAccessToFolderFlow.png?resize=608%2C514&ssl=1)
Before granting access:
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/02/FolderInheritsPermissions.png.png?resize=810%2C163&ssl=1)
After granting access:
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/02/FolderUniquePermissions.png?resize=810%2C191&ssl=1)
I prefer to assign permissions/grant access to a SharePoint group and add the mail-enabled security group (or security group or Office 365 group) to that SharePoint group; it’s a best practice to assign permissions indirectly.
Granting access to a SharePoint group can be done with the following actions in a Power Automate flow:
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/04/Break-inheritance-1.png?resize=767%2C935&ssl=1)
First I declare variables for the MembershipGroupId of the SharePoint group and the RoleDefId of the permission level. Then I get the folder metadata, because I need the ItemId of the folder in the following actions.
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/04/Break-inheritance-2.png?resize=761%2C957&ssl=1)
The last 2 actions will break inheritance of the permissions and grant access to the folder for the “Readers” SharePoint group with the Restricted View permission level.
Reference REST API requests: Set custom permissions on a list by using the REST interface
![](https://i0.wp.com/2die4it.com/wp-content/uploads/2020/04/Break-inheritance-3.png?resize=810%2C227&ssl=1)
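The two REST calls behind the last 2 actions, written out as an added example (this is not the flow from the screenshots). The list title, the ids in the sample call and the choice of `copyRoleAssignments=false` are assumptions; `buildFolderGrantRequests` and `requireId` are hypothetical helper names. The ids are validated as integers before they are placed in the URI, so a malformed flow variable cannot change which item or principal the request targets.

```javascript
// Added example: builds the method/URI pairs for two "Send an HTTP request to SharePoint" actions.
// MembershipGroupId and RoleDefId are the flow variables named in the post; the values used
// in the sample call below are constructed placeholders, not real ids.

function requireId(name, value) {
  if (!Number.isInteger(value) || value <= 0) {
    throw new TypeError(`${name} must be a positive integer, got ${JSON.stringify(value)}`);
  }
  return value;
}

function buildFolderGrantRequests({ listTitle, itemId, membershipGroupId, roleDefId,
                                    copyRoleAssignments = false }) {
  if (typeof listTitle !== 'string' || listTitle.length === 0) {
    throw new TypeError('listTitle must be a non-empty string');
  }
  if (typeof copyRoleAssignments !== 'boolean') {
    throw new TypeError('copyRoleAssignments must be a boolean');
  }
  requireId('itemId', itemId);
  requireId('membershipGroupId', membershipGroupId);
  requireId('roleDefId', roleDefId);

  // Inside an OData string literal a single quote is escaped by doubling it.
  const list = encodeURIComponent(listTitle.replace(/'/g, "''"));
  const item = `_api/web/lists/getbytitle('${list}')/items(${itemId})`;
  const headers = { Accept: 'application/json;odata=nometadata' };

  return [
    // 1. Break inheritance. With copyRoleAssignments=true the parent's role assignments are
    //    copied onto the folder, so everyone who had access through inheritance keeps it.
    //    false (assumed here) does not copy them.
    { method: 'POST', headers,
      uri: `${item}/breakroleinheritance(copyRoleAssignments=${copyRoleAssignments},clearSubscopes=true)` },
    // 2. Bind the SharePoint group (principalid) to the permission level (roledefid).
    { method: 'POST', headers,
      uri: `${item}/roleassignments/addroleassignment(principalid=${membershipGroupId},roledefid=${roleDefId})` },
  ];
}

// Constructed sample input: a folder with ItemId 12 in a list titled "Shared Documents".
const sampleRequests = buildFolderGrantRequests({
  listTitle: 'Shared Documents', itemId: 12, membershipGroupId: 7, roleDefId: 1001,
});
sampleRequests.forEach((r) => console.log(r.method, r.uri));
```
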
Using an Azure AD “group” is a way to keep user access in sync between CDS|Dynamics365 and SharePoint.