SupportOctober 27th, 2015 @ 6:04 pm Hello,
the problem with removing Global group and activating additive right is that records can not be restricted by groups.
User A has the Role Sales.
The Sales Role has access rights (view, edit, etc.) to all Accounts.
With additive right if you assign Account B the group Marketing, sales User A has still access the Account B
Without additive Rights User A can't see Accounts except that are assigned to User A.
What we are trying to achieve is:
Sales user A should have access to all Accounts until a specific Account B is assigned to another group like Marketing.
How can we achieve this with additive right and without the Global group.
(Also tried to add and remove the Strict Rights option without any success)
SupportOctober 28th, 2015 @ 11:29 am Its not only about restricting the users to certain record views, but generally about the Groups concept
I think a solution (feature request) would be that security suite handles records without a group so that all users can access them:
To user A is the role "Sales" assigned with the following rights for Accounts:
List and View "Not Set"
To user A is also the Group Sales assigned with following rights for Accounts:
List and View "Group"
With additive Right (Strict Rights: checked, User Role Precedence: not checked) User A can only view Account B if it is assigned to the "Sales" Group
Account B is not assigned to any group and user A can view it.
Or additive right only for roles or only for groups.
Could you point us to the direction how we could implement the feature: If a record is not assigned to a group than it should be visible for all users (that have group or "normal" view rights)
If you like we could also send you the code that we would have developed for us so you can decide to (or not to) implement it to the security suite.