SecuritySuite - SuiteCRM and CE Teams

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free Trial

By clicking you consent to share your profile with the developer

Developer Tips

How do I add a group to a record when a field value changes?
How do I add a group to a newly created user?
How do I assign groups to existing records based on their parent?

How do I add a group to a record when a field value changes?

Add a before_save logic hook that checks for the field value change. Upon change load the SecurityGroups relationship and add the "id" of the group that you wish to add to the record.

The example below detects when the account type dropdown changes on an account. When it gets changed to "Customer" a "Support Group" gets assigned to the account.

/custom/modules/Accounts/ReassignSecurityGroup.php:

class ReassignSecurityGroup {

    function account_type_change(&$bean, $event, $arguments)
    {   
        //detect if Type dropdown has been changed to Customer
        if($bean->account_type != $bean->fetched_row['account_type'] && $bean->account_type == 'Customer') {
            $bean->load_relationship('SecurityGroups'); //use the link name...can find in cache/modules/{MODULE}/{MODULE}vardefs.php
            $bean->SecurityGroups->add('cd1cf3bb-9eb3-4b24-b488-529b908fed70'); //add Support Group to the record
        }
    }
}

And the /custom/modules/Accounts/logic_hooks.php:

$hook_version = 1; 
$hook_array = Array(); 
$hook_array['before_save'] = Array(); 
$hook_array['before_save'][] = Array(1, 'account_type_change', 'custom/modules/Accounts/ReassignSecurityGroup.php','ReassignSecurityGroup', 'account_type_change');

How do I add a group to a newly created user?

The easiest way to do this is to go to SecuritySuite Settings and in the "Default Groups for New Records" section at the bottom choose Users for the module and then which group you want assigned to it.

Sometimes you'll want finer control though. To do that add a before_save hook on the Users module and then add the group that you want based on your logic to the user.

if(empty($bean->id) || $bean->new_with_id == true)
{
    $default_group = BeanFactory::getBean('SecurityGroups');
    $default_group->retrieve_by_string_fields(array('name'=>'Owner_Only_Group','deleted'=>0));
    $default_group->load_relationship('users');
    $default_group->users->add($bean->id);
}

How do I assign groups to existing records based on their parent?

You have just installed SecuritySuite and assigned a security group to an account. How do you get that group also assigned to all of the records related to an account such as contacts, notes, etc?

Going forward this is done automatically for new records based on your SecuritySuite Settings. For initial setup though we recommend using SQL to do this. Always back up your database first before trying this (we are only inserting so minimal risk).

Below is an example script to take all security groups assigned to an account and auto assign it to the contacts associated to the account. You can rework this script as needed for each module. To do so, change the join and change the 'Contacts' module to be the module name as it shows when you view the application's /modules folder on the server.

insert into securitygroups_records(id,securitygroup_id,record_id,module,date_modified,deleted)
select uuid(),sg.id,c.id,'Contacts',now(),0
from securitygroups sg
inner join securitygroups_records sr on sg.id = sr.securitygroup_id and sr.module = 'Accounts' and sr.deleted = 0
inner join accounts a on sr.record_id = a.id and a.deleted = 0
inner join accounts_contacts ac on a.id = ac.account_id and ac.deleted = 0
inner join contacts c on ac.contact_id = c.id and c.deleted = 0
where sg.deleted = 0;

jad_ezs Verified Purchase
9 years ago

Thanks for this, looks fantastic. I've never installed a logic hook before though and this is a little above my head. A few questions: - I can't find the Security Groups relationship unter "cache/Accounts/Accountsvardefs.php. Do I need to manually make a relationship first? Can I find the link name anywhere else? - does "fetched_row['account_type']" refer to the name of the dropdown-list or the name of the the field. - Can one do the same for custom fields? - What does one have to do for Sugar to implement the new logic hook? fully automatic?

thanks, John

reply
- eggsurplus Provider Affiliate
  9 years ago
  
  Hello John,
  
  It's pretty complicated if you haven't done it before. The fetched_row array is a way to see what the old data value for a field used to be. In this example it is looking at the Account Type which is the account_type field. Yes, this concept can be used for custom fields.
  
  I'd advised using a non-developer method of doing what you need by looking at a workflow tool that will automatically do what you want without having to touch code. There are a couple to check out. Process Manager is on SugarOutfitters and can do what you need without coding: https://www.sugaroutfitters.com/addons/process-manager-enterprise. Process Maker is another option, but not sure if it supports SecuritySuite.
  
  reply
- jad_ezs Verified Purchase
  9 years ago
  
  Mistake: I meant I can't find the Security Groups relationship under cache/custom/Accounts/Accountsvardefs.php. I could however find it in the database table "relationships". I'm assuming that's what's needed here.
  
  reply
- jad_ezs Verified Purchase
  9 years ago
  
  Thanks for the swift response! I'll check out the process manager and maybe have a look at some documentation... and we'll see if I get anywhere :-) Thanks for the valuable input.
  
  reply
Lion Solution Verified Purchase
8 years ago

Hi Jason, i hope this is the right place to ask for it: how can i check if current user is a member of a Security Group?

reply
- eggsurplus Provider Affiliate
  8 years ago
  
  There is a getUserSecurityGroups() function in SecurityGroup.php that could be used as part of the solution. Grab the groups the user is a member of and see if any of those match the group that you are looking for.
  
  reply
- Lion Solution Verified Purchase
  8 years ago
  
  Ok, thank you Jason. It works. And if i add a custom field to Security Group module (think about a dropdown field as type_c) is there an easy way to check its value?
  
  reply
- eggsurplus Provider Affiliate
  8 years ago
  
  The SecurityGroup class is just a normal SugarBean object so you can do $securitygroup->type_c if that is a custom field on the module.
  
  reply
Lion Solution Verified Purchase
8 years ago

Yes. It works. Thank you!

reply
menach509 Verified Purchase
6 years ago
I use SuiteCRM 7.5.5 (not CE teams) and I am no programmer. I have looked op the ID of the existing securitygroup "Customer" (21c7....) I have created the file ReassignSecurityGroup.php & added two lines in logic_hooks.php at the end (or do I have to add also the $hook_version = 1; statement ?? ) When I try to save the account record (also when I do nothing !) I get the following message:

class ReassignSecurityGroup { function account_type_change(&$bean, $event, $arguments) { if($bean->account_type != $bean->fetched_row['account_type'] && $bean->account_type == 'Customer') { $bean->load_relationship('SecurityGroups'); $bean->SecurityGroups->add('21c7e36f-501e-47ad-7382-58b68a9f5cc7'); } } }

MY FILES:

1- ReassignSecurityGroup.php
class ReassignSecurityGroup {
```
function account_type_change(&$bean, $event, $arguments)
{   
    if($bean->account_type != $bean->fetched_row[&#039;account_type&#039;] && $bean->account_type == &#039;Customer&#039;) 
    {
        $bean->load_relationship(&#039;SecurityGroups&#039;);
        $bean->SecurityGroups->add(&#039;21c7e36f-501e-47ad-7382-58b68a9f5cc7&#039;);
    }
}
```
}

2- logic_hooks.php
<?php // Do not store anything in this file that is not part of the array or the hook version. This file will // be automatically rebuilt in the future. $hook_version = 1; $hook_array = Array(); // position, file, function $hook_array['before_save'] = Array(); $hook_array['before_save'][] = Array(77, 'updateGeocodeInfo', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'updateGeocodeInfo'); $hook_array['after_save'] = Array(); $hook_array['after_save'][] = Array(77, 'updateRelatedMeetingsGeocodeInfo', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'updateRelatedMeetingsGeocodeInfo'); $hook_array['after_save'][] = Array(78, 'updateRelatedProjectGeocodeInfo', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'updateRelatedProjectGeocodeInfo'); $hook_array['after_save'][] = Array(79, 'updateRelatedOpportunitiesGeocodeInfo', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'updateRelatedOpportunitiesGeocodeInfo'); $hook_array['after_save'][] = Array(80, 'updateRelatedCasesGeocodeInfo', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'updateRelatedCasesGeocodeInfo'); $hook_array['after_relationship_add'] = Array(); $hook_array['after_relationship_add'][] = Array(77, 'addRelationship', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'addRelationship'); $hook_array['after_relationship_delete'] = Array(); $hook_array['after_relationship_delete'][] = Array(77, 'deleteRelationship', 'modules/Accounts/AccountsJjwg_MapsLogicHook.php','AccountsJjwg_MapsLogicHook', 'deleteRelationship'); $hook_array['before_save'] = Array(); $hook_array['before_save'][] = Array(1, 'account_type_change', 'custom/modules/Accounts/ReassignSecurityGroup.php','ReassignSecurityGroup', 'account_type_change'); ?>
reply