Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#215 - Wide Open Security By Default for New Users
A new user with NO SECURITY GROUPS or roles can see ALL RECORDS, even records that have been assigned to a security group unless they have been assigned a restrictive role, such as 'Group Only'
Is there a way to reverse this ridiculous default behavior?
Can you add a default role for new users?
These default access policy is not acceptable for a Security package.
-
"SecuritySuite was a very good addition to our SugarCRM implementation helping to integrate different functional teams with strictly specified roles."
Read More Reviews
- Most Recent Love from Users
kacsoristvan- damien8105
- anri
- Administrador
- Stefano1
- einkauf2
10 years ago
This is very possible to do. Everybody uses this module differently. To do what you want use the "Default Groups" option on the Security Suite Settings page. There is a bit of a learning curve to this module. But once you get it there are many, many scenarios that it can cover. In your case, create a locked down group with a role associated with it with NO ACCESS to everything. Then set the Default Group for any newly created User record to that group on the settings page.
10 years ago
To clarify, when you first set up using Security Suite you will need to associate all existing users and records to the appropriate groups. From there on out records will inherit groups based on your configured settings.
10 years ago
I added a trigger to the users table instead to add a default role for all new users.
================================
delimiter $$ drop trigger if exists trigger_users_after_insert; create trigger trigger_users_after_insert after insert on users for each row begin insert into acl_roles_users select uuid(), acl_roles.id, NEW.id,
current_timestamp, 0 from acl_roles where name = 'DealershipMember' and deleted = 0 limit 1; end;
$$
10 years ago
That's not a bad way of going about it if that is your requirement. Adding a default group using the option setting on the Security Suite Settings page would also accomplish the same thing without needing a trigger.
SugarCRM by default allows full access. SecuritySuite is simply an additional layer that allows you to add additional layers of security to the default SugarCRM behavior.
Nice find!
10 years ago
This is a default role, not a default group. But if we add the "default" role to a te default group, then I suppose we could accomplish it that way.
10 years ago
I like that better -- triggers are so hidden, it's very easy to forget. If someone changes the name of the default role in my trigger, it breaks without complaint.
10 years ago
This isn't about groups really -- the new user I created was not a member of ANY group, but could still see all records until I assigned a role.
It's working for me now, so I'm not 100% sure if this was pilot error or a reproduceable bug.