by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Cancel at any time!
Free Trial

#911 - very very urgent , Please provide us solution asap.

Closed Bug? created by Knowlarity Communications India Limited 4 years ago

Please solve our problem , we have this situation,

We have Team:
Person A1 & Person B1 reports to Person P1
Person A2 & Person B2 reports to Person P2
Person P1 & Person P2 reports to Person X

Our Requirement is :
P1 should be able to see data of A1 & B1 only
P2 should be able to see data of A2 & B2 only
X should be able to see the data of all persons A1 ,B1,A2,B2,P1 and P2

Please guide me to do this in very easy steps which we need to follow by using security group , to get the above done. Please do the needful . You can reach me anytime at heena.gudwani@1.knowlarity.com or +91-9650836387 for further requirements. Please revert back asap , as we are facing difficulties to get this done in appropriate manner.

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    4 years ago

    Hello,

    Make sure to check this example first:

    https://www.sugaroutfitters.com/docs/securitysuite/example-of-a-typical-setup

    This will cover all the crucial steps. Also check out the documentation as there are a bunch of different options that will come in handy:

    https://www.sugaroutfitters.com/docs/securitysuite

    For your specific case you create 2 groups: Group A and Group B. Add A1, A2, P1 to Group A and B1, B2, P2 to Group B. Create a role with Owner rights and assign to Group A and B. Create a role with Group rights and assigned to P1 and P2. Then assign Group A and Group B to all of the appropriate records in your system (Accounts, Leads, etc). This is a one-time setup thing. Going forward your new records in Sugar will automatically inherit the groups depending upon your configuration.

    Want to add another level above X? Simple add X to the groups and assign the Group role X and keep repeating as you add more levels. The less unnecessary levels the better though.

    Make sure to log out/in as a test user (user A1, for example) after making any changes to roles/permissions. Sugar caches them upon login.

    -Jason

  2. vaibhavjha member avatar

    Hi ,
    We have done this , but with this , P1,P2 will be able to see leads of X also. But we want P1 to be able to see leads of A1 and B1 . and P2 should be able to see leads of A2 and B2 only.

    We have purchased security suite . But not able to configure in appropriate manner. Need your support. Please help us by giving very easy steps to get the below done.
    Please see my requirement again.
    We have Team:
    Person A1 & Person B1 reports to Person P1
    Person A2 & Person B2 reports to Person P2
    Person P1 & Person P2 reports to Person X
    Person X & Person Y reports to Person Z

    Our Requirement is :
    P1 should be able to see data of A1 & B1 only
    P2 should be able to see data of A2 & B2 only
    X should be able to see the data of all persons A1 ,B1,A2,B2,P1 and P2
    Z should be able to see the data /records of A1 , B1 , A2 , B2 , P1 , P2 , X and Y

    Please guide me to do this in very easy steps which i need to follow by using security group , to get the above done. Please mention way to get this done for each level above.(i.e from A1 level to level Z , give the easy steps). Please solve our problem asap. Please give us your contact number also , and call timings , if in case , we need support from you on call.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      P1 and P2 will not X's leads because X won't be in a group. If X gets added to a group then go to that group and in the Users subpanel click on "edit" for X and check "Not Inheritable". Now when X creates a record that group won't be added automatically so P1/P2 will not see it.

    • vaibhavjha member avatar

      Thanks , I have put "not inheritable checked for X".Now , P1 is not able to see records of X.but what to do , if we want that at another level, Z should be able to see the records of X ,Y , A1 , A2, B1, B2 , P1 and P2. (remember i have put "not inheritable checked for X") , Please tell in very easy steps.

  3. vaibhavjha member avatar

    In addition to above comment , i want to ask , if we want to follow the inheritance of levels with respect to "reports to" of the user . then How can we do that . Please give response of my both the situations , referring to this comment and above comment.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      "Reports to" is not used. You can always customize the code to do that, but it will turn into a nightmare to support.

  4. vaibhavjha member avatar

    Thanks , I have put "not inheritable checked for X".Now , P1 is not able to see records of X.but what to do , if we want that at another level, Z should be able to see the records of X ,Y , A1 , A2, B1, B2 , P1 and P2. (remember i have put "not inheritable checked for X") , Please tell in very easy steps.Please revert asap. Help us.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      I've been helping you. Please understand that and be patient. There is a big learning curve for new users sometimes as a 3 level model of security can be overwhelming to understand. I respect that and want to help speed that up a bit for you.

      To do this for another level you just keep repeating the steps. Add X to the appropriate groups. Set the relationship to each group as "Not Inheritable" if it is a manager type that just needs visibility. The highest spot, Z in this case, doesn't need to be in any groups. Just set that person's rights to All.

  5. vaibhavjha member avatar

    Please help us. Waiting for your response.

  6. vaibhavjha member avatar

    I understood your point. If i will give all rights to Z , then we have another super manager person M ( M is at same level of Z but has different departments and different team) who is handling his own team in other department. if i give all rights to person M , then data of person M and Person Z will be visible to each other . how to do and what to do ?? , if we don't want to show them to see data of each other.
    one more question , what is the functioning of primary group ? Please revert back asap.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      It's simple. Keep adding folks to the groups that should have access to the groups. Those who have a role that should be able to see ALL records do not need to be in a group UNLESS you want their new records to inherit a group.

      If someone is in a group, but you don't want their records to be added to a group automatically (i.e. you don't want other group members to see their records) then set their membership/relationship to the group as "Not Inheritable".

      Primary group is only used for custom group layouts. If you create group layouts in Studio and a user is a member of 2 or more groups the user will see the layout for whichever group is marked as primary for the user.

  7. vaibhavjha member avatar

    Hi ,

    My apologies , if I couldn't make it clear to you. Let me share my requirement again from scratch. Can you please explain the solution for below requirement:

    We have Teams:

    Person A1 & Person B1 reports to Person P1
    Person A2 & Person B2 reports to Person P2
    Person P1 & Person P2 reports to Person X
    Person X & Person Y reports to Person Z ( Super manager is Z )

    Person A11 & Person B11 reports to Person P11
    Person A22 & Person B22 reports to Person P22
    Person P11 & Person P22 reports to Person S
    Person S & Person Q reports to Person M ( Super manager is M )

    Our Requirement is :

    P1 should be able to see data of A1 & B1 only
    P2 should be able to see data of A2 & B2 only
    X should be able to see the data of all persons A1 ,B1,A2,B2,P1 and P2
    Z should be able to see the data /records of A1 , B1 , A2 , B2 , P1 , P2 , X and Y

    P11 should be able to see data of A11 & B11 only
    P22 should be able to see data of A22 & B22 only
    S should be able to see the data of all persons A11 ,B11,A22,B22,P11 and P22
    M should be able to see the data /records of A11 , B11 , A22 , B22 , P11 , P22 , S and M

    Now Both the super managers M and Z should not be able to see each other team's records.

    How can we solve our problem using the security suite ?

    apart from this , if we have a person W who wants to see everyone data .
    i can also share you pictorial representation of my problem for better understanding.
    Can you please provide me your email id for that ?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      To clarify, groups determine what records someone has access to. Roles determine what someone can do with a record once they have access.

      Anyone like W is irrelevant. Just make sure they have rights in their Role set to All. They don't need to be a part of a group unless you really want them to.

      Create groups for your teams at the lowest level then add folks to the groups for whoever needs access. Make sure to assign Roles to the groups that are set to Group only access. Then you can assign Roles to users on a one-off basis. Don't want someone to have their group auto inherited to any newly created record because others in the group shouldn't see their data? Set the membership to the group as "Not Inheritable".

      Your case:

      Group 1:
          Members: A1, B1, P1, X (not inheritable), S (not sure on example, but if so not inheritable)
          Role: Group only access role

      Group 2:
          Members: A2, B2, P2, X (not inheritable), S (not sure on example, but if so not inheritable)
          Role: Group only access role

      And so on, repeat for each lowest level group. Set as Not Inheritable in the user subpanel for all appropriate team leaders or managers in your scenario.

      The key is to think about how you flatten your hierarchy into a single layer of groups.

    • vaibhavjha member avatar

      Hi,

      We understood what you recommended in your last post and it is working correct upto 2 levels. I have a scenario explained below:
      Can a user get owner access in 1 group and Group access in another group? If yes, can you please explain how we can achieve that?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      4 years ago

      Yes, you would configure your SecuritySuite Settings and turn on Strict Rights so that the rights from the group assigned to a record get enforced for a given record. The key is to have the role assigned to the group so that those rights get enforced for a record.

  8. vaibhavjha member avatar

    Hi,

    When I am trying to install security suite 6.8.2. It is throwing me an error "The uploaded file is not compatible with this version of SuiteCRM: 6.5.20". Even though current SuiteCRM version is 7.2.2. I also tried it with security suite 6.8.0, but it still throws same error. Can you please help us to sort this out.

  9. eggsurplus member avatar

    eggsurplus Provider Affiliate

    4 years ago

    If you are on SuiteCRM 7.2.2 then you will need the 6.5.20 version of SecuritySuite. The first part of the download name contains this version. In this case, look for 6.5.20_SecuritySuite_Full-Edition_v2.8.1.zip or something similar depending on if you are doing yearly or monthly.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "The perfect solution for managing security. Very stable and easy to implement. Must-have add-on for every CE implementation!"

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.