Securing your Portal Connector Service Account
The Portal Connector uses one or more service accounts to connect to your Dynamics CRM. These service accounts act as the CRM users to retrieve, update and create all types of records and execute all requests on behalf of your users in Sitefinity.
The service account won’t access things you don’t directly configure it to access in The Portal Connector, for example: if you only have forms that edit and create contacts, you will not be able to see, or edit any account data. The majority of The Portal Connector’s security comes from the configuration of The Portal Connector and the permissions within Sitefinity. The Portal Connector actively prevents access to anything you have not configured, and respects all roles and permissions inherited by Sitefinity widgets.
If you want to explicitly deny The Portal Connector service account from accessing certain things in your Dynamics CRM instance, then we must secure the service account with custom security roles within Dynamics CRM. There are some bare minimum security roles that The Portal Connector requires in order to function properly - this is what we’ll discuss below.
The screenshots below represent the bare minimum permissions required for the service account. These can and should be extended depending on what your portal is providing access to.
You can extend these permissions with more functionality. For example: your users can create, edit and manage their own cases. To do this, you will need to provide full organization access to Create, Read, Write and Assign cases to the service account connected to The Portal Connector. This will enable your Portal Connector user to manage their cases inside of The Portal Connector, but not have access to any other non-required entity.