#2756 - Group rights-not inherited issue!
Dear Sirs,
I have a following scenario, I have 2 users in 2 different groups. Each of groups are having different rights on certain Account module. Filter User List is on, as I want to be able for users only to see their group members.
Now , there is a situation where one of the users from 1st group needs to see only names of other users from 2nd group and not to inherit any rights from 2nd group. My though is that when you add that user in 2nd group and mark "not inherited" as on that it would do the job, but the rights are still assigned and they inherited all rules just like any other user from 2nd group.
Thank you very much and looking forward to your reply.
Best Regards,
Slaven.
7 years ago
The inherit checkbox is only for whether the user's groups should be inherited by any records created. The roles will still be applied in that case as you are seeing. You may need to create a special exception for your need. To do that, edit include/utils.php. There will be two functions in that file that determine which users show in the user list. Look for "SECURITY GROUPS" to find these two functions. You can edit the logic as needed to show just the users needed.
Hope this helps!
7 years ago
Hello,
Thank you very much. I have found these two codes you mentioned, but the logic is written for every module and every security group. I just need to alter the settings so that one or more users I add from another group can see assigned to and user names without inheriting any role rules from that group. Can you please help out as I'm not a php developer.
Looking forward to your reply.
Best Regards,
Slaven.
7 years ago
A better place is actually in modules/SecurityGroups/SecurityGroup.php in getGroupUsersWhere(). Replace the user id and group id place holders. This is a hack that will be wiped out whenever there is an update so be sure to back this up to merge back in:
7 years ago
Hello,
Thank you for your help. I have tried to implement the code but to no avail, user is still inheriting all of the role rights of that group, this is of course assuming that user.id is equal to user added to 2nd group and group.id is equal to that 2nd group.
So the future developments should have an option to use separate roles for different users that belong to same security group. That would allow them to see all users and their records, but to have different type of access to those records.
Best Regards,
Slaven.
7 years ago
It won't work until you replace the ID-OF-THE-USER and the -ID-OF-THE-SECURITY_GROUP values. It may be helpful to have a dev do this part for you.
I don't see us adding this to SecuritySuite in the near future. Seems like a pretty specific need at this time.
7 years ago
Hello,
Thank you for your input. Of course I have replaced the values with id of user and security group from the database tables "securitygroup and securitygroup_users", it's just that the code is not working, roles from security group are still inherited.
Let me just explain this briefly again. Let's say that user name is "Steve" and he belongs to the group "One", that group has some roles setup for accessing Accounts module. Now "Steve" is the only member of that group but he needs to see other users that are part of group "Two" and their records. He can't see them unless he is a member of that group. Now, when we add him, he will inherit role rights of group "One" and this will allow him to have rights that we don't want.
This is the first problem, the second is what if more users from group "One" needs to have that kind of access to group "Two".
Looking forward to your reply.
Best Regards,
Slaven.
7 years ago
Sorry for the extremely slow response here. I lost this over the holidays. There is an option under SecuritySuite Settings called Strict Rights where the group that is assigned to the record drives which role to use. So if you are assigning roles to the group then if only "Two" is assigned to a record then only the role associated to "Two" will be applied to "Steve".