Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#154 - How to apply "Group" ACL to one group, and "Owner" to another?
I have a user with two Roles, and two Groups, but I want one Role to apply to group A, and another Role to apply to group B. Is this possible?
With my current set up, I am finding that the user is able to view all records in both groups, but the end result I want is that the user can see all records in group A, and only their own records in group B.
I currently have Additive Rights, Strict Rights, and User Role Precedence ticked.
Let me know if you need any more information. Thanks in advance!
-
"No brainer. I have purchased it for two production installations and not regretted it."
Read More Reviews
- Most Recent Love from Users
kacsoristvan- damien8105
- anri
- Administrador
- Stefano1
- einkauf2
10 years ago
Strict Rights (which you have) and then assign the roles to the groups instead. The role assigned to the group is what is then used.
10 years ago
Wow, that is an impressively speedy response!
Do I still keep Additive Rights and User Role Precedence?
How do I then implement a manager who can see all records in group B, but not all records in group C?
10 years ago
Strict overrides Additive in a sense and should override User Role Precedence. Strict is Strict like a Nun at a Catholic school. But if you had 2 or more roles assigned directly to a Group then Additive would still matter there.
Give the manager group rights and assign the manager to group B. That will hide the group C records from the manager unless added as a user to group C.
10 years ago
Ok, thanks for the explanation.
But if the manager also needs to be a member of group C..?
I guess this is where I am tripping up, as basically there are multiple groups, and each group has a manager, but that manager may be in other groups and not be the manager of those groups.
10 years ago
That's messed up. I just typed several paragraphs and rewrote it a few times to no luck. What's the purpose of a manager in one group being a non-manager in another? Visibility? If so, just set List and View rights to All for managers. You may need to avoid Strict Rights and even potential customize the code for you situation. That's a really messed up situation.
10 years ago
Lol. Sorry, I'm trying to wrap my head around it also.
Normally each group is based on geography and has one or two managers. Because there is no overlap, it's perfectly fine to set a user role with Group rights for each manager.
However, I have a case where a subset of contacts will be contacted by a subset of users, who remain in their geographical group as regular users (who only see their own records), but must be able to see all contacts within this special group. In a sense they are 'managers' of that special group, but are not managers in their geographical group.
Considering your first and second replies, I'll have a play around and see if I can come up with a combination of user/group Roles that will do this. The slight complication is that all my users start with a role that disables a number of modules, and with User Role Precedence this overrides what I would set in the group ACL. I suppose you are saying that I can drop the user Role if I apply these restrictions to the geographical group ACLs instead.
If you have any other suggestions, please let me know. Thanks for your response and all your help!
10 years ago
Closing this one out. Feel free to follow up with additional questions/concerns.