Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#2091 - quickCRM with security group
while using quickCRM ,There is problem with records ,if the module was accessed from sub panel the user can see record not assign to his security group, while if the user access the module directly he will see his records ..
any feedback??
we got replay from QuickCrm as below:
"
We are using SugarCRM/SuiteCRM REST API and never access the database directly.
From what you are telling me, that is a bug with Security Suite not managing the REST API.
I will check but I'm not sure it will be easy to fix.
Maybe people in charge of Security Suite might help.
"
8 years ago
Hi again,
I chatted with you earlier on this issue. This behavior tells me that this particular endpoint in the REST API is not using Sugar's normal framework for making calls to the database. Because of that, SecuritySuite isn't being called to filter the records as it should. I'm looking into finding which endpoint that is and seeing if it can be patched to properly support SecuritySuite.
This takes time so it may not be immediate. I will likely be able to know whether something can be done or not, along with a solution if it is patchable, by Monday.
Thanks for your patience, -Jason
8 years ago
Just following up. I confirmed that in that key API call there is a hard coded SQL query which bypasses everything that SecuritySuite does. I'm working on adding SecuritySuite support to that function and will let you know here when a new SuiteCRM 7.5.3 version of SecuritySuite is released.
8 years ago
Is the patch released yet
8 years ago
Not yet. More work and testing needed. It sounds like the QuickCRM folks were able to give you a solution in the meantime. Is that working for you?
8 years ago
Just released a new version that patches the get_relationships SOAP/REST end point that had the hard coded query. Look for the SuiteCRM_7.5.3_SecuritySuite_Full-Edition_v2.9.3.zip file in your downloads. Install via Module Loader. No need to uninstall the old version first.
Let me know how it goes!
8 years ago
I patched the code in the SOAP call, but there is another call that is also affected by this. I'm working on that code and will release a new version here shortly.