by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Cancel at any time!
Free Trial

#3523 - Support needed to set up some groups

In Progress General Question created by jabbas 3 years ago


We're struggling with setting up our permissions in SecuritySuite. Would it be possible to get some assistance?

Thanks, Andrew

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    3 years ago

    Hi Andrew,

    There is definitely a learning curve to it. I'm happy to help. What are you trying to accomplish, how have you tried to set it up so far, and what are you running into right now?

  2. jabbas member avatar


    3 years ago

    Hello, thanks for getting back to me. I've attached a diagram to explain our scenario..

    So, starting at the top, our set up should look like this..

    1. a manager group which has permissions to see everything but cannot edit any system settings.
    2. a validators group which can see everything but not edit system settings
    3. several specific broker groups. Each of these needs to be able to assign activities / tasks to the validators but should not be able to edit any system settings and should not be able to see other brokers on the system either when you click the arrow button to assign something to a user or you start typing a username in the assignment input box.

    What I have tried so far:

    1. a broker group which contains the specific broker groups with a role set on it to restrict users (owner only)
    2. several broker groups in this with their role set to group only
    3. a validator group with no role set
    4. a support group around the validators and the brokers groups with permissions set to all
    5. changed settings (see image)

    This was the closest I got. Brokers couldn't view other users and specific brokers could only see their contacts BUT, they couldn't assign validators to tasks (because they couldn't see them), and when adding users to each specific broker group, they could only see contacts which had been assigned to them.

    Any help / direction much appreciated!



    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      3 years ago

      Thanks Andrew.

      From what you describe I don't see any mention of one group not being able to see another group (leaving aside the user assignment requirement you have). If that is the case then SecuritySuite may not be the answer here for you. SecuritySuite is meant for having multiple groups at the same level, for example Broker Group A and Broker Group B, where both groups cannot see the records from the other.

      For the requirement of brokers not being able to assign to other brokers, that is a pretty specific requirement that will require customizing what Sugar returns for that user list. You could even do this without groups by having a field on the User record such as "Type" with values of Validator or Broker. Then if the current user is a Broker filter out all Brokers.

      There are three spots in include/utils.php where you would need to add your custom logic. In the get_user_array, getUserArrayFromFullName, and get_bean_select_array functions. This would require someone with development experience to alter correctly. Unfortunately it isn't something that I would be able to do with you, but hopefully this gives you a good head start.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
  • "The perfect solution for managing security. Very stable and easy to implement. Must-have add-on for every CE implementation!"

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.