Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#705 - Allow view access based on relationship?
Hi, just getting my head around SecuritySuite and have a quick question.
All our Projects have a related Account, and we have remote users that are assigned to each Project (these users are all part of a group for remote users). We want each user to be able to view just the Account that is related to each of their Projects, but the actual Account should always be assigned to an internal user. The remote users should never be able to access other Accounts.
Hope this makes sense. Is there a way to achieve this?
SugarCRM CE 6.5.16 SecuritySuite (Full) 2.7.3
Cheers Evan
-
"Great support, works pretty well. A few glitches here and there with Easy Theme - but thats related to the theme and not the securitysuite. Would lo..." - dgreene
Read More Reviews
- Most Recent Love from Users
kacsoristvan- damien8105
- anri
- Administrador
- Stefano1
- einkauf2
9 years ago
Hello Evan,
There can definitely be a learning curve to setting up a 3-level access scenario (groups/teams, roles, users). To get a more general idea of how SecuritySuite works definite check out https://www.sugaroutfitters.com/docs/securitysuite/example-of-a-typical-setup first.
Then for your scenario the key is add the remote users' groups to the appropriate Accounts. Don't forget to add the users to the remote security group as well. Then have the default setting of Inherit from Parent configured. Whenever a project is then created for that Account it will automatically assigned that group to the Project as well (assuming that the module uses the standard SugarCRM way of linking relationships between records).
That group would also be assigned a Role that is configured to allow Group access to Projects and Accounts only (list, view, edit, etc). Tweak per your requirements. The next time the remove user logs in that person will only see Projects and Accounts that have their remote user group associated to them.
So to summarize create a remote user group, add the users to it, assign the group to the appropriate accounts (and projects if they already exist), and create a role and assign it to the group with the appropriate permissions.
Note that a user must re-login anytime roles are edited. Sugar caches rights upon login.
In this scenario the internal user would still be the Assigned To user.
-Jason
9 years ago
Hi Jason, thanks for the awesome reply. That all seems pretty straight forward - basically just assign the correct group to each Account and the Project will follow. I'll have a look through the documentation a few times as well.
One quick follow up question - if we want each remote user to only have access to their own Projects & Accounts (instead of all remote users Projects & Accounts), we just have to create a separate group for each remote user?
Cheers Evan
9 years ago
Either that or make them the assigned to user and set their rights to Owner.
-Jason
9 years ago
Closing this out. Feel free to follow up if you need any more assistance.