by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free 30 day trial
Try it Now

By clicking you consent to share your profile with the developer

#3626 - Not Inheritable Not Working

In Progress General Question created by sandman31 6 years ago

Hello

I'm just starting with suiteCRM. I have 2 questions: 1. What's the main difference between the paid version and the free one bundled with suiteCRM? 2. I tried to follow your example in "Typical Hierarchy Setup" and applying it to 4-tier structure. Let's say Level 1 being top and level 4 being the bottom. I don't want users at level 3 to be able to see Level 2 user's data, so I set user Level 2 to be Not Inheritable. But It does not work. Level 3 can still see Level 2's data. Default groups for new record is set to None. Any idea why that is? or am I missing a step?

Thanks Sandy

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    6 years ago

    Hi Sandy,

    1. The free one allows you to assign multiple groups to a record and do mass group assignments on list views. Everything else on the pricing page (https://www.sugaroutfitters.com/addons/securitysuite/pricing) is available with the paid version only. The popular features are custom group layouts so that you can hide/show certain fields for specific groups, multiple assigned users, and the sudo/login feature so that you can test and setup users more easily.

    2. The initial setup and understanding of how it works is the hardest part to get through. There is definitely a learning curve to it. The Not Inheritable will take effect only when you create a new record as that is when inheritance happens. If the Level 3 user can still see the Level 2 user's data and Level 3 user's role is set to Group only (view the Access tab on the user record for the true rights for any user) then that means that the Level 3 group is on that data/record. Manually removing that should then hide it. If so, then try creating a new record as the Level 2 user and make sure Level 3 did not automatically get added. If it does then it is inheriting somehow based on your configuration.

    Hope this gets the wheels turning! Feel free to follow up here with any additional questions.

    Cheers, -Jason

    • sandman31 member avatar

      sandman31

      6 years ago

      Hi Jason

      Thanks for the information. Looking at the features: -grant admin rights to normal users => meaning they can add and create users themselves? -group message dashlet => is there a limit to how deep it can go? -my activity stream restriction => is that for the whole group or only those with certain role access?

      As for my question previously regarding the "Not Inheritable", you were right any new records created by level 2 the level 3 cannot see. Previously I was assuming that existing data would automatically get adjusted to the new setting. My bad. Sorry

      Thanks Sandy

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      6 years ago

      Good catch! There will be some work to set up the existing data, but going forward it should all be automated.

      Grant Admin Rights That is one way you can use it. You can make a user an admin for specific modules, such as Users, and/or also for Studio. So if you wanted someone to be able to edit any Account as they are in charge of all data entry and making sure accounts are accurate you can make them the admin for that module. It's very granular. More info can be found at https://www.sugaroutfitters.com/docs/securitysuite/grant-admin-rights

      Group Message Dashlet Yes, it is only for posting messages at the top level. It does not support conversation threads.

      My Activity Stream It will restrict you from seeing records that you shouldn't have access to based on your role configuration.

      Let me know if you have any additional questions. Happy to help.

    • sandman31 member avatar

      sandman31

      5 years ago

      Hi Jason

      Let's say if I want to move one of my sales rep from security group A to security group B. 1. Is it ok to just remove the sales rep from security group A and then add in security group B? 2. After step 1, do I need to mass assign all existing accounts/contacts/opportunities etc data to the new group (security group B) manually? Can it be automated in the security suite full version? So when a user is moved then all associated records are moved also? 3. After moving to the new group, how can I make sure that manager of security group A can no longer see that sales rep records (contacts/account/opportunities etc)? Is this doable in security suite free or paid versions? I see that existing records can still be seen by manager of group A but without any user assigned to that record

      Thanks Sandy

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      5 years ago

      Hi Sandy,

      1. Yes
      2. If you wish to move the records to the new group as well then this would need to be manual. It is not currently done in the full version, but I can see that as a possibility in the future. Best options today is to use the UI to do that or do a direct database query that changes the securitygroup_id in the securitygroups_records table for those specific records.
      3. In the paid version you would go to the manager user record and click on the "Log in as..." menu link to log in as that manager to double check that those records are no longer visible.
This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "SecuritySuite was a very good addition to our SugarCRM implementation helping to integrate different functional teams with strictly specified roles."

    Read More Reviews