by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Cancel at any time!
Free Trial

#1783 - You do not have access to this area. Contact your site administrator to obtain access.

Closed Bug? created by Ricky 3 years ago

Hi,

We are dealing with an organizational structure consisting of:
HeadOffice, Area, Branches and Sub Branches.
HO can see all cases, Area Officers can see only the cases of his branch. Branch Officers can see only cases of his sub branches.
The hierarchy will be like this.

   HO
    A1  
    B1        

C1 C2 C3

    HO
    A2  
     B3        

C4 C5 C6

I have grouped say for example Group1 (HO,A1,B1,C1,C2,C3) and assigned Role Group1Role1 to "groups" for all modules and assigned users HO, A1 and B1(since HO, A1 and B1 can see all cases in that group) However C1,C2,C3 can see ONLY their own cases.
So, if C1 wants to assign a case to C2, then a new page with "You do not have access to this area. Contact your site administrator to obtain access." But the case is actually reassigned to C2 even though the above new page comes.
That new page wont show up if I assign C1,C2,C3 as users in the Group1Role1.But C1,C2,C3 will see all the cases in that group, that actually should not happen.

Thanks in advance
Ricky

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    3 years ago

    Hi Ricky,

    It sounds like you are close. Are C1, C2, C3 in Group1 as well? If so, this is why they see all group cases since they are inheriting those permissions from Group1Role1. You can confirm how a single user is getting permissions applied by going to their user record and clicking on the Access tab. The grid will show based on all roles directly assigned to the user and all roles assigned to any groups associated to the user.

    Not knowing enough about your goal here there are a couple of options.

    Remove C# from the group

    If you have a role assigned directly to C1 that says that they can only view their own cases then they likely don't need to be in the group. However, this won't work if you need the group to still see the case so...

    Make Group1Role1 more restrictive

    Always make the role assigned to a group the most restrictive based on your needs. That means setting it to how C1, C2, C3 need to operate. Then you can create a more permissive role for group access and assign that directly to the HO, A1, B1 users.

    Hope this helps! As always, make sure to log out and back in after any role changes for those to go into effect for a given user.

    • Ricky member avatar

      Ricky

      3 years ago

      Thanks for the reply.
      Yes I have tried the last option. I kept C1, C2, C3, B1, A1 in one group so that B1 and A1 can see all the cases that are assigned to the group. Then set the role for A1 and B1 as "GROUP" to all modules.
      C1, C2, C3 have individual roles as owner. But however my problem is when C1 assigns a case to C2 , new page appears saying "You do not have access to this area. Contact your site administrator to obtain access." Even though this page shows like this, case is actually assign to C2. How to prevent this page from appearing?
      Thanks
      Ricky

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      3 years ago

      That's just how it works because you have the rights set to Owner and Sugar says that the Assigned User is the owner. So when C1 reassigns to C2 they no longer are the owner and do not have rights to it. It's doing what you want as far as not giving access to a case that they are not the owner of.

      Would it work to set View access to Group and the Edit to Owner? Then the error would not happen.

    • Ricky member avatar

      Ricky

      3 years ago

      Thanks alot! That worked :)

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      3 years ago

      Great! Glad to hear it.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "Couldn't do without it. Highly recommended and I guarantee that you will not find another alternative."

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.