#1578 - How to implement security group hierarchy
Hello,
I have a question: how do I implement a security group hierarchy?
My requirement is as follows. Let us take an example: I have only one module, "Node", and I have a few teams with a hierarchy.
Ex. "Team A" has 3 members, "Amember1", "Amember2", "Amember3", and two admins of Team A, "Aadmin1", "Aadmin2".
Members of "Team A" can see all data in the same team. Admins of "Team A" can see all data in the same team. Members of "Team A" cannot see data of admins. And "Aadmin1" cannot see data of "Aadmin2" and vice versa.
Again, there are N levels of team hierarchy.
I have implemented this as follows:
- create a security group for Team A -> "SG-A-Normal" and assign this group to all members and admins
- create a security group for Team A admins -> "SG-A-Admin" and assign this group to the admins of Team A, and make this admin group the default group of the admins.
The SG-A-Normal security group has a role with All access to module "Node". The SG-A-Admin security group has a role with Owner access to module "Node".
But the problem is that when I reach level 4 of the hierarchy I will have to create multiple security groups and assign them to the level 4 admin, meaning the level 4 admin will have all access to level 3, level 2, level 1.
Is there any way to connect security groups in a hierarchy? Like, if SG-Super is the parent of SG-A-User, then a user with SG-Super access can also view SG-A-User.
9 years ago
Hi Ramakant,
An alternative is to just have a "SG-A" group and put all your normal members and admins in that group. Then mark the admin users in that group as "Not Inheritable" so that when they create records they won't have the "SG-A" group automatically assigned to the new record. This means that normal users won't see their records.
9 years ago
Thanks, it's working for one level.
Again:
Team Member (level 1) can see all nodes (own + all nodes in the same group), except his/her seniors', i.e. Team Lead and managers.
Team Lead (level 2) can see all nodes (own + all members'), except his/her seniors', i.e. managers.
Manager (level 3) can see all nodes (own + all team leads' + all members').
Should I do some custom coding, or can it be achieved simply?
9 years ago
You would create the groups at the lowest level and work your way up. So create a group for every team. Then assign all members and leads to every appropriate team. Create a role called something like "Team Only" and set the rights to "Group" for everything. Then assign that role to each group. Now go back to the security group and in the users subpanel edit every team lead and set "Not Inheritable" and save (to ensure that team members can't see the lead's records).
For managers (level 3) you don't need to do anything. Just ensure that they have a role set to All so that they can see all records. If you have a Level 4 then you just repeat the process going up. Managers would be added to groups, set as Not Inheritable, etc.
It's very similar to the example here: https://www.sugaroutfitters.com/docs/securitysuite/example-of-a-typical-setup
The biggest difference will be that the team lead should be marked as Not Inheritable when added to the security group so that when they create a record their group won't be assigned to the new record (so that team members won't see the record).
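The setup both replies describe (one security group per team, every member and lead in it, leads flagged "Not Inheritable", managers on an All role) as an added Python model of the visibility rules. This is illustration code written for this thread, not SecuritySuite's own code: the user and group names, and the role levels "all", "group" and "owner", are assumptions for the example. It lets you check who ends up seeing whose records before you click through the group and role screens, and it shows what goes wrong when the Not Inheritable flag is left off a lead.

```python
from dataclasses import dataclass

# Added illustration of the thread's setup; not SecuritySuite code.
# Role levels (assumed names): "all" sees every record, "group" sees records that
# share a security group with the viewer plus the viewer's own records,
# "owner" sees only the viewer's own records.


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset           # security groups the user is a member of
    non_inheritable: frozenset  # memberships flagged "Not Inheritable"
    role: str                   # "all", "group" or "owner"


@dataclass(frozen=True)
class Record:
    owner: str
    groups: frozenset           # security groups assigned to the record


def create_record(user: User) -> Record:
    """A new record inherits the creator's groups, except memberships flagged Not Inheritable."""
    return Record(owner=user.name, groups=user.groups - user.non_inheritable)


def can_view(user: User, record: Record) -> bool:
    if user.role == "all":
        return True
    if record.owner == user.name:          # the owner always sees their own record
        return True
    if user.role == "group":
        return bool(user.groups & record.groups)
    return False                           # "owner" (or any other) role sees nothing else


def visibility_matrix(users):
    """Who can see whose records, assuming each user creates exactly one record."""
    records = {u.name: create_record(u) for u in users}
    return {
        viewer.name: sorted(owner for owner, rec in records.items() if can_view(viewer, rec))
        for viewer in users
    }


def example_org():
    """Constructed sample: two teams with members and a lead each, one manager above both."""
    team_a, team_b = "SG-A", "SG-B"
    return [
        User("Amember1", frozenset({team_a}), frozenset(), "group"),
        User("Amember2", frozenset({team_a}), frozenset(), "group"),
        # The lead is in SG-A but Not Inheritable, so the lead's records carry no group.
        User("Alead", frozenset({team_a}), frozenset({team_a}), "group"),
        User("Bmember1", frozenset({team_b}), frozenset(), "group"),
        User("Blead", frozenset({team_b}), frozenset({team_b}), "group"),
        # The manager relies on an All role and needs no group membership at all.
        User("Manager", frozenset(), frozenset(), "all"),
    ]


if __name__ == "__main__":
    for viewer, visible in visibility_matrix(example_org()).items():
        print(f"{viewer:9s} sees {visible}")
```

Two things the model makes visible. First, a lead's records end up with no group at all, so they are visible only to the lead and to anyone on an All role; a manager given only Group rights would not see them, which is why the reply puts managers on All. Second, if a lead is added to the team group without the Not Inheritable flag, their new records inherit the group and every member sees them, so that flag is the one setting to re-check whenever a lead is re-added to a group.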