Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#1783 - You do not have access to this area. Contact your site administrator to obtain access.
Hi,
We are dealing with an organizational structure consisting of: HeadOffice, Area, Branches and Sub Branches. HO can see all cases, Area Officers can see only the cases of his branch. Branch Officers can see only cases of his sub branches. The hierarchy will be like this.
HO
A1
B1
C1 C2 C3
HO
A2
B3
C4 C5 C6
I have grouped say for example Group1 (HO,A1,B1,C1,C2,C3) and assigned Role Group1Role1 to "groups" for all modules and assigned users HO, A1 and B1(since HO, A1 and B1 can see all cases in that group) However C1,C2,C3 can see ONLY their own cases. So, if C1 wants to assign a case to C2, then a new page with "You do not have access to this area. Contact your site administrator to obtain access." But the case is actually reassigned to C2 even though the above new page comes. That new page wont show up if I assign C1,C2,C3 as users in the Group1Role1.But C1,C2,C3 will see all the cases in that group, that actually should not happen.
Thanks in advance Ricky
-
"This impressive add on is easy to use, extremely flexible, and huge time saver. This add on exceeded our expectations and is worth every penny!"
Read More Reviews
- Most Recent Love from Users
kacsoristvan- damien8105
- anri
- Administrador
- Stefano1
- einkauf2
8 years ago
Hi Ricky,
It sounds like you are close. Are C1, C2, C3 in Group1 as well? If so, this is why they see all group cases since they are inheriting those permissions from Group1Role1. You can confirm how a single user is getting permissions applied by going to their user record and clicking on the Access tab. The grid will show based on all roles directly assigned to the user and all roles assigned to any groups associated to the user.
Not knowing enough about your goal here there are a couple of options.
Remove C# from the group
If you have a role assigned directly to C1 that says that they can only view their own cases then they likely don't need to be in the group. However, this won't work if you need the group to still see the case so...
Make Group1Role1 more restrictive
Always make the role assigned to a group the most restrictive based on your needs. That means setting it to how C1, C2, C3 need to operate. Then you can create a more permissive role for group access and assign that directly to the HO, A1, B1 users.
Hope this helps! As always, make sure to log out and back in after any role changes for those to go into effect for a given user.
8 years ago
Thanks for the reply. Yes I have tried the last option. I kept C1, C2, C3, B1, A1 in one group so that B1 and A1 can see all the cases that are assigned to the group. Then set the role for A1 and B1 as "GROUP" to all modules. C1, C2, C3 have individual roles as owner. But however my problem is when C1 assigns a case to C2 , new page appears saying "You do not have access to this area. Contact your site administrator to obtain access." Even though this page shows like this, case is actually assign to C2. How to prevent this page from appearing? Thanks Ricky
8 years ago
That's just how it works because you have the rights set to Owner and Sugar says that the Assigned User is the owner. So when C1 reassigns to C2 they no longer are the owner and do not have rights to it. It's doing what you want as far as not giving access to a case that they are not the owner of.
Would it work to set View access to Group and the Edit to Owner? Then the error would not happen.
8 years ago
Thanks alot! That worked :)
8 years ago
Great! Glad to hear it.