1
User Credentials Used When…
The SmartConnect client connects to Microsoft Dynamics GP
When connecting to the Microsoft Dynamics GP the credentials of the current AD user are used to connect to Dynamics GP MSSQL databases. As AD user security is different from GP user security AD users must be set up within GP company databases in order for users to connect successfully. From SmartConnect 2011 SP2 administrators will be able to define a single MSSQL user which SmartConnect will use to connect to the Dynamics GP Company databases. This is the preferred option where available. The user of this install wishes to access SmartConnect.
The SmartConnect client connects to Microsoft Dynamics CRM 4 (AD and
IFD)
If default credentials have been specified in CRM setup within SmartConnect, those credentials are used when connecting to CRM. If no default credentials have been set up the credentials of the current AD user will be used.
The SmartConnect client connects to Microsoft Dynamics CRM 4 (CRM
Online)
As CRM 4 Online requires Microsoft Passport Authentication, default credentials must be defined in CRM setup within SmartConnect. These credentials will then be used to connect to CRM online.
The SmartConnect client connects to Microsoft Dynamics CRM 2011 (AD and
IFD)
If default credentials have been specified in CRM setup within SmartConnect, those credentials are used when connecting to CRM. If no default credentials have been set up the credentials of the current AD user will be used.
The SmartConnect client connects to Microsoft Dynamics CRM 2011 (CRM
Online)
2 The credentials used to access SalesForce.com may differ depending on the functions that are being accessed.
For non-administrative functions, if no default user have been defined within SalesForce setup, each user will be prompted for their credentials the first time they attempt to access SalesForce information. User credentials may then be managed within SalesForce by each user. If default user credentials have been defined those credentials are used to connect to SalesForce.com.
For administrative functions is no default administration credentials have been defined the user credentials above are will be used to connect to SalesForce.com. If default administrative credentials have been defined the default credentials will be used for administrative functions.
The SmartConnect client connects to the File System
When SmartConnect connects to the file system to either access data source information, or write destination information the credentials of the current AD user will be used to determine access to the file system.
The SmartConnect Web Service runs a map
The credentials of the user defined as the impersonate user when installing the SmartConnect web service will be used whenever the SmartConnect web service runs a map.
The SmartConnect Windows Service runs a map
The credentials of the user selected to run the service account during SmartConnect Windows Service installation will be used whenever the SmartConnect Windows Service runs a map.
The Excel Add-In pushes data to the SmartConnect Web Service.
3
Microsoft Dynamics GP
From SmartConnect 2011 SP2 administrators will be able to define a single MSSQL user which SmartConnect should use to connect to the Dynamics GP Company databases.
To define a single user with which to connect to the Dynamics GP
databases:
1. Open Setup / SmartConnect Setup.
2. Double click on the SmartConnect Dynamics GP Connector, or select SmartConnect Dynamics GP Connector and select the Connector Setup button at the bottom of the screen. This will open the Microsoft Dynamics GP Connector Setup window.
3. Select the use credentials checkbox
4. Enter the name of the MSSQL user that should be used when connecting to Dynamics GP company databases.
5. Enter the password for the above user.
6. Enter the name of the Dynamics GP database server, then select the connect button. 7. Select the default Dynamics GP company, the OK to record changes.
SmartConnect users are based on, and receive their permissions from Windows AD users. As GP user permissions are separate from AD user permissions, permission to access and update GP databases must be added to MSSQL for SmartConnect to operate correctly.
To add Windows AD users to the GP databases use the script below. Replace domain\username with the login details for each user
IF
NOT EXISTS
(
SELECT
loginname
FROM
master
.dbo.
syslogins
WHERE
name =
'domain\username'
)
BEGIN
CREATE
LOGIN
[
domain\username
]
FROM
WINDOWS
WITH
DEFAULT_DATABASE
=
master
,
DEFAULT_LANGUAGE
=[us_english]
USE
DYNAMICS;
CREATE
USER
[
domain\username
]
FOR
LOGIN
[
domain\username
]
WITH
DEFAULT_SCHEMA
=[dbo]
EXEC
sys
.
sp_addrolemember
'DYNGRP'
,[
domain\username
]
USE
TWO
CREATE
USER
[
domain\username
]
FOR
LOGIN
[
domain\username
]
WITH
DEFAULT_SCHEMA
=[dbo]
EXEC
sys
.
sp_addrolemember
'DYNGRP'
,[
domain\username
]
END
GO
duplicate the lines below for each GP company database the user should be able to access.
USE
TWO
CREATE
USER
[
domain\username
]
FOR
LOGIN
[
domain\username
]
WITH
DEFAULT_SCHEMA
=[dbo]
4 where TWO is the Company ID
5
Microsoft Dynamics CRM
User security requirements for Microsoft Dynamics CRM 4
When accessing CRM 4 from SmartConnect the credentials of the user connecting to CRM are used to determine access to CRM entities. The web services used to connect to CRM will automatically restrict access to entities based on the user security within CRM. To add or restrict access to CRM entities through SmartConnect, amend the security role attached to the user used to connect to CRM.
In order to deploy CRM real time data sources on the CRM server, the user connecting to CRM must be defined as a deployment admin within CRM. To define a deployment admin follow the steps below:
1. Log onto the CRM machine
2. Go to Start / Programs / Microsoft Dynamics CRM / Deployment Manager 3. Select deployment administrators in the left folder list.
4. Add the required user(s) using the New Deployment Administrator option in the right menu.
User security requirements for Microsoft Dynamics CRM 2011
When accessing CRM 2011 from SmartConnect the credentials of the user connecting to CRM are used to determine access to CRM entities. The web services used to connect to CRM will automatically restrict access to entities based on the user security within CRM. To add or restrict access to CRM entities through SmartConnect, amend the security role(s) attached to the user used to connect to CRM.
In order to deploy CRM real time data sources on the CRM server, the user connecting to CRM must be defined as a deployment admin within CRM. To define a deployment admin follow the steps below:
1. Log onto the CRM machine
2. Go to Start / Programs / Microsoft Dynamics CRM / Deployment Manager 3. Select deployment administrators in the left folder list.
6
SalesForce.com
When linking SmartConnect with Sales force the users needed to access SalesForce, and the way SalesForce is to be accessed must be defined within the SmartConnect SalesForce setup screen.
The following process is followed when determining the user details that are to be used to access SalesForce from SmartConnect:
1. If the required access is to query or update SalesForce entities.
a) If the default security section has been defined in the SmartConnect SalesForce connector setup window the specified user details are used to connect to SalesForce.
b) If the current user has specified their own connection details for SalesForce, and those details are still valid the individual user details are used to connect to SalesForce.
c) If the current user has not specified their own connection details, or the specified details are no longer valid the user will be prompted to enter their own SalesForce connection details before proceeding.
2. If the required access is to create or amend SalesForce apex objects.
a) If the Administration Security section has been defined in the SmartConnect SalesForce connector setup window, the specified user details are used to connect to SalesForce.
b) If the default security section has been defined in the SmartConnect SalesForce connector setup window, the specified user details are used to connect to SalesForce.
c) If the current user has specified their own connection details for SalesForce, and those details are still valid the individual user details are used to connect to SalesForce.
d) If the current user has not specified their own connection details, or the specified details are no longer valid the user will be prompted to enter their own SalesForce connection details before proceeding.
Security required for standard functions:
SmartConnect uses standard SalesForce security when connecting to SalesForce in order to insert, update or delete data. Note: the SalesForce partner API is used for all standard from SmartConnect.
Each SalesForce user that will be used to connect to SalesForce via SmartConnect must be set up to allow remote access.
Standard SalesForce security should be used to determine what entities and fields users can and cannot access.
7
Security required for administrative functions:
In standard environments most users do not have rights to access areas of SalesForce where new entities and fields are created, or create amend and delete apex scripts. Because of this, and to restrict this functionality from standard user accounts SmartConnect can be set up to channel functions that require this access through an 'Administrative' user account, while keeping standard processing at the usual user account level. Note: SmartConnect uses both the SalesForce Apex and Metadata API's to perform these functions. Functions that require Administrative access through SmartConnect are as follows:
Creating change tables for SmartConnect change data sources. Creating change apex triggers for SmartConnect change data sources.
Creating and maintaining the classes required for SmartConnect real-time data sources. Creating the real-time data source master table.
Creating the real-time data source apex triggers.
The user(s) specified within SmartConnect to perform these administrative functions must have the following security access:
Each user must be set up to allow remote access.
Each user must have rights to create and maintain new apex objects (tables)
