by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free 30 day trial
Try it Now

#154 - How to apply "Group" ACL to one group, and "Owner" to another?

Closed Feature created by semyl 6 years ago

I have a user with two Roles, and two Groups, but I want one Role to apply to group A, and another Role to apply to group B. Is this possible?

With my current set up, I am finding that the user is able to view all records in both groups, but the end result I want is that the user can see all records in group A, and only their own records in group B.

I currently have Additive Rights, Strict Rights, and User Role Precedence ticked.

Let me know if you need any more information. Thanks in advance!

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    6 years ago

    Strict Rights (which you have) and then assign the roles to the groups instead. The role assigned to the group is what is then used.

    • semyl member avatar

      semyl

      6 years ago

      Wow, that is an impressively speedy response!

      Do I still keep Additive Rights and User Role Precedence?

      How do I then implement a manager who can see all records in group B, but not all records in group C?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      6 years ago

      Strict overrides Additive in a sense and should override User Role Precedence. Strict is Strict like a Nun at a Catholic school. But if you had 2 or more roles assigned directly to a Group then Additive would still matter there.

      Give the manager group rights and assign the manager to group B. That will hide the group C records from the manager unless added as a user to group C.

    • semyl member avatar

      semyl

      6 years ago

      Ok, thanks for the explanation.

      But if the manager also needs to be a member of group C..?

      I guess this is where I am tripping up, as basically there are multiple groups, and each group has a manager, but that manager may be in other groups and not be the manager of those groups.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      6 years ago

      That's messed up. I just typed several paragraphs and rewrote it a few times to no luck. What's the purpose of a manager in one group being a non-manager in another? Visibility? If so, just set List and View rights to All for managers. You may need to avoid Strict Rights and even potential customize the code for you situation. That's a really messed up situation.

    • semyl member avatar

      semyl

      6 years ago

      Lol. Sorry, I'm trying to wrap my head around it also.

      Normally each group is based on geography and has one or two managers. Because there is no overlap, it's perfectly fine to set a user role with Group rights for each manager.

      However, I have a case where a subset of contacts will be contacted by a subset of users, who remain in their geographical group as regular users (who only see their own records), but must be able to see all contacts within this special group. In a sense they are 'managers' of that special group, but are not managers in their geographical group.

      Considering your first and second replies, I'll have a play around and see if I can come up with a combination of user/group Roles that will do this. The slight complication is that all my users start with a role that disables a number of modules, and with User Role Precedence this overrides what I would set in the group ACL. I suppose you are saying that I can drop the user Role if I apply these restrictions to the geographical group ACLs instead.

      If you have any other suggestions, please let me know. Thanks for your response and all your help!

  2. eggsurplus member avatar

    eggsurplus Provider Affiliate

    6 years ago

    Closing this one out. Feel free to follow up with additional questions/concerns.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "No brainer. I have purchased it for two production installations and not regretted it."

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.