A Dynamics User must have the proper Sharepoint permissions to see the documents from Dynamics. So you should be correct with your existing security implementation.
Yet, you still need to setup the security role to give access to DocumentLocation and SharePointSite.Both Sharepoint and Dynamics Permissions are requested for an user to be able to see documents.
All of this is well explained at the end of this blogpost :
If you've found this thread useful, dive deeper into User Group community content by role