by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.


#4419 - Deny precede Allow rule!

In Progress General Question created by it12 3 years ago

Hello,

I was trying to create two security groups and limit access to a certain module for the second one but allow it for the first one. The problem is they were supposed to share, let's say, Leads without restrictions, but one should not be accessing Notes and the other should.

How can I accomplish this using Security Suite rules? I have tried all that I could think of, including the not inheritable option and setting the primary group. It seems that when you add a second group, regardless of what the settings of the first group were, the rules in Roles of the first group are preceded by that second group.

If we can set that the Deny rule always precedes the Allow rule regardless of how many groups one user is a member of, that could be great for accomplishing this scenario.

Looking forward to your reply.

Best Regards,

Slaven.

  1. eggsurplus Provider Affiliate

    3 years ago

    Hi Slaven,

    What it sounds like you might need in this case is the Strict Rights option: https://www.sugaroutfitters.com/docs/securitysuite/options.

    This will mean that the roles from the group assigned to a record will take precedence. You may also want to consider turning off the Additive Rights setting if you want the most restrictive rights to take precedence, but that doesn't sound like that is wanted, in general.

  2. it12

    3 years ago

    Thank you very much, that does it. Turning off additive rights and enabling strict is just what I need in this case.

    Best Regards,

    Slaven.

  3. it12

    3 years ago

    One more update: it really did help, but it messed up all other relationships between our document uploads and the users who can access them. Is it possible that we can turn on strict rules per group as we need?

    Thank you.

  4. it12

    3 years ago

    Maybe I should have explained the problem with strict rights in more detail... When we upload a document using the External tool, there is a special group that has rights for that External tool account, with allow on all rules on the Accounts and Notes modules. With Additive rules we can search through Accounts; with strict ones we can't.
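
A simplified model of how the Additive Rights and Strict Rights options described in the first reply combine a user's group roles, added here as an illustration and not taken from SecuritySuite's code. The group names, the role table and the function `effective_access` are constructed for the example, and the model assumes that with Strict Rights on, the Additive Rights setting still decides between the groups a user shares with the record.

```python
# Simplified model of the options discussed in this thread (not SecuritySuite code).
ALLOW, DENY = "allow", "deny"

# Constructed sample roles: both groups share Leads, only Sales may use Notes.
ROLES = {
    "Sales":   {"Leads": ALLOW, "Notes": ALLOW},
    "Support": {"Leads": ALLOW, "Notes": DENY},
}


def effective_access(user_groups, record_groups, module,
                     additive=True, strict=False, roles=ROLES):
    """Return ALLOW or DENY for a user on one record of `module`.

    additive=True  -> the most permissive role among the considered groups wins
    additive=False -> the most restrictive role wins (Deny precedes Allow)
    strict=True    -> only groups assigned to the record are considered
    """
    groups = set(user_groups)
    if strict:
        groups &= set(record_groups)
        if not groups:
            # The thread does not say what happens here, so the model refuses to guess.
            raise ValueError("user shares no group with the record")
    decisions = {roles[g][module] for g in groups if module in roles.get(g, {})}
    if not decisions:
        raise ValueError("no role covers this module")
    if additive:
        return ALLOW if ALLOW in decisions else DENY
    return DENY if DENY in decisions else ALLOW


def scenario_table(user_groups, record_groups, module):
    """Evaluate all four option combinations for one user/record pair."""
    return {
        (additive, strict): effective_access(user_groups, record_groups, module,
                                             additive=additive, strict=strict)
        for additive in (True, False)
        for strict in (True, False)
    }


if __name__ == "__main__":
    # A user in both groups opening a Note that is assigned to Support only.
    for (additive, strict), result in scenario_table(
            ["Sales", "Support"], ["Support"], "Notes").items():
        print(f"additive={additive!s:5} strict={strict!s:5} -> {result}")
```

In this model the question's complaint corresponds to the `additive=True, strict=False` row, where membership in Sales grants Notes access even though Support denies it.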
