#413 - How to create Unique layouts for a group but not use the group visiblity to filter the records.
I think I am missing something. In the Commercial version of Sugar you can set fields to Hide or Readonly based on Role. Based on a previous question about your product, I now know how to do that (thanks for your reply), but when I create a Group, set the User to the Group and define the layout (eg EditView) for the Group, it also filters records for the User so when the User logs in, they see the new layout - great, but they don't see records they once had visibility to. What am I doing wrong? I have a feeling that the Group the User belongs to filters records as well sets custom layouts. I just want to use Groups to set custom layouts for the User belonging to the Group and not use the Group feature to filter records.
10 years ago
To not use the Group feature to filter records, simply do not set any of the cells in the Role grid to Group.
To set custom layouts for each Group you go to Studio and for the desired module click on the Layouts name in the navigation tree on the left. Not the plus symbol, but the Layout label. Here you can copy an existing layout to any group that you have created.
Once you Save Studio will refresh. Then you can open that Layouts folder and see the Default layout and the new Group layout. From there just use Studio as you normally would.
10 years ago
Ok. I think what is happening is that the User is inheriting the Role even though the User is not associated with the Role, but the Role is associated with a Group to which the User is associated directly as well. Here is what I found and perhaps you can repeat this: [1] Create a Role where there is a listview restriction of Owner on a particular module [2] Create a Group and associate the Role in Step [1] with this newly created Group [3] Create a User and associate the User to the Group in Step [2]. [4] Look at the Access profile matrix of the User and all is Green (Enabled or All) as expected. [5] Not associate the Role created in Step [1] with the Role created in Step [2]. [6] Look at the Access profile matrix of the User again, but this time it shows the restrictions defined for the Role even though the User is not directly associated with the Role.
Perhaps this is the way Security Group is supposed to be? If so, then I should really consider associating Users to Groups directly just like how we associated Users to Roles, but not associated Roles to Groups.
Thanks.
10 years ago
Forgot to add: Sugar version is Community Edition 6.5.15
10 years ago
Step [5] should read .... [5] Now associate the Role created in Step [1] with the Group created in Step [2].
10 years ago
Correct, it will inherit roles. You can simply turn on the User Role Precedence option and any role directly assigned to a user will completely override any inherited roles from the groups. Without that checked, it will just return the greatest of rights from all roles directly or indirectly associated to a user.
10 years ago
Ok. My use case above did not have any role assigned to the User, but the key it to at least assign one role. I tried this and all is good.
A lot of thought has gone into the configuration of this comprehensive module. Great work to say the least.
10 years ago
Thanks! I appreciate seeing folks like yourself finding great value in it. Let me know if you have any other questions.
-Jason