#427 - Private records
What is the best configuration to have each user have both:
- Regular records visible to all.
- Private records based on setting the account as private with all related records private.
We created: Role Private with owner only for access, Security Group Private, and assigned a user. Assigned account and related entries to Security Group Private.
Others can still see the records.
10 years ago
SecuritySuite works on the opposite premise, meaning that you would configure everything to the most restrictive level first, then open it up as necessary. To make a record "Private", everyone would be part of a group that gives Group level access to records instead of All (e.g. a Global group). Then that group would be configured to always be assigned for all new records. When a record needs to be private, remove that Global group from the record.
Another possibility is to take advantage of the Strict Rights option. With it you could have a "Private" group with a role assigned to it where everything is set to Owner. Everyone gets assigned to the "Private" group in addition to all other groups (or none). Make sure that Additive Rights is checked in the settings (it is by default) so that this isn't applied by default. Then assign the "Private" group to a record that should be made private. With the Strict Rights option it will apply the rights based ONLY on the group(s) assigned to the record. You may need to remove any other groups also assigned to the record.
There may be other options. Sometimes special scenarios may require some special logic. For companies that have a unique business need it may require some workflows or custom logic hooks that detect when a value is set to something, such as being marked private. Then based on that value groups could be added or removed from the record and children records. There are workflow tools that can help in most cases such as Process Manager: https://www.sugaroutfitters.com/addons/process-manager-enterprise
Hope this helps! -Jason
10 years ago
Your second option, Strict Rights, is the direction. I tried the configuration above and everyone can still access the record. Your thoughts? The next question, if this works: the roles will need to allow for RIVA to update records to attach emails, which means that Role "private" will need edit and import set to all, not owner, for it to work via API.
10 years ago
Can you verify what groups are assigned to the private account and what roles are assigned to any groups assigned and to the current user? It may only work if you have the current user assigned to both Global and Private. In theory, private would need to be on that group for the user to not be able to access it. I'd like to be able to replicate the scenario. Also, are you using 6.5.16?
If RIVA uses a special user in SugarCRM then just have a RIVA role assigned to it to grant All access.
10 years ago
Yes, 6.5.16. Private Group (with Private Role) is assigned to the Account to be private. No other groups assigned. All users are part of Private. All users are also part of a "Global" Sales Group that lets them see all accounts and has an account view with some read-only fields. RIVA does not use a special user; it impersonates all users at the API. Above you mention in theory... private needs to be on that group... does that mean make the Private group part of Global?
10 years ago
Did a test with this and got it to work for the most part. Here is how I set it up:
The one downside is that the non-assigned user can see it in the list view. The user cannot click a link to get to it, however. The list view visibility is a limitation of how SugarCRM works.
I'm unsure on the RIVA part. If it impersonates the assigned user for a record then it should be just fine.
10 years ago
Also, if you set up the Global group to be Group access to List View then the list problem goes away. In general, most folks set up default access to be Group level for most users. Only admin-types or C-levels would have All access.