by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free 30 day trial
Try it Now

By clicking you consent to share your profile with the developer

#488 - Role / Group / Users Modelling

Closed General Question created by Pravin Verified Purchase 10 years ago

I wanted to achieve this using SecuritySuite click the link to see the model to share the data.

https://drive.google.com/a/popcornapps.com/file/d/0B_6qKcYOP96-RVdLMFEtbTQzcTQ/edit?usp=sharing

what is the possibilty to get this. i found for each vendor i may have to create a group is there any other alternate to do this. and based on certain rules on records i also like to share the data between vendors. please suggest.

  1. Pravin member avatar

    Pravin Verified Purchase

    10 years ago

    If the above link is not working https://www.dropbox.com/s/qb7wjzcvhvahf0u/role%20hierarchy.PNG

  2. eggsurplus member avatar

    eggsurplus Provider Affiliate

    10 years ago

    You would create a group for each team that the manager oversees and assign the agents all to the same group. Most likely you'll want agents to only see their own record so assign them a role with Owner only access and the manager with Group access.

  3. Pravin member avatar

    Pravin Verified Purchase

    10 years ago

    For my db Structure, each Account is a vendor, and ill have almost 2000 vendors and growning next 6 months with each vendor having 2 managers and 4 agents here each vendor should be able to see only his data. is it required to create 2000+ groups to manage the users. is that how it works please suggest

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 years ago

      You are going to let the accounts (vendor) log into SugarCRM? I definitely do not recommend that. See these links as to why:

      http://cheleguanaco.blogspot.com/2010/09/sugarcrm-101-how-do-i-manage-multiple.html http://cheleguanaco.blogspot.com/2013/03/sugarcrm-101-multiple-businesses.html

      That being said, you would in that scenario need a group for each vendor if they are logging directly into system. I'd advise avoiding that at all costs and using a customer/partner/vendor portal instead.

  4. Pravin member avatar

    Pravin Verified Purchase

    10 years ago

    We are looking for multiple vendors sharing Organisations data, but Per vendor only be able to access Vendors data only. Where Managers see all the customer accounts their contacts and opportunities specific to the Vendor.

  5. Pravin member avatar

    Pravin Verified Purchase

    10 years ago

    Thanks eggsurplus. This really makes more sense to me to understand. to managing 2000+ instances would be cumbersome. as well as paid extensions for such instances cost will go high. do you recommend any alternate solution to this.

  6. Pravin member avatar

    Pravin Verified Purchase

    10 years ago

    Just wanted to mention. I am a new bee to sugarCRM. please dont mind if any question seems to be irrelevant. Thanks

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 years ago

      You have a complicated scenario so your options are going to be limited and will be costly. The only way that I see something like this working securely is via a portal so that they don't log into SugarCRM directly. There is a very good portal on SugarOutfitters. You may be able to find others out there, but I'm not sure how well they work.

  7. Thumpermat member avatar

    Thumpermat

    10 years ago

    I know it's an old thread but I have the following question based also on the typical setup you describe in your documentation:

    I have the two groups "East Sales" and "West Sales". I would like to have two Groups, "New Jersey" and "Other East" which "belongs" to "East Sales". The agents to the New Jersey group can only see their records (that's easy), but the created records should belong as well to the NJ group as well as to the "East Sales" group. (The same goes to the "Other East" group).

    Now the Manager of the NJ group only has access to the records of the NJ group and the East Group manager has access to the records of the East Sales Group, including the NJ group and "Other East" group.

    We are not talking multi-businesses, but just an extra layer of compartmentalisation.

    Is it possible to model this ? And if so, how ?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 years ago

      Yes, this model is very possible and done often. It's a matter of just adding the manager to all the groups that they need to see. You would create groups at the lowest level. So you would have New Jersey and Other East as your 2 groups. No East Sales. The East Group manager would be a member of both group.

  8. Thumpermat member avatar

    Thumpermat

    10 years ago

    And two related questions:

    Can a user have role 1 for group A and role 2 for group B and what's the best way to implement such a policy ? (e.g. Read-Write in Group A and Read-only in Group B)

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 years ago

      Yes, you would assign the role directly to the group instead of to the user and then turn on the "Strict Rights" option. This means that the rights from the group that is associated to the record will be the only set of rights that get applied.

    • Thumpermat member avatar

      Thumpermat

      10 years ago

      And hopefully last question : I would like User 1 to have read-write in group A and read-only in group B and User 2 to have read-only in group A and read-write in group B (groups would be like sales regions). I'm not sure what's the best way of doing this.

    • Thumpermat member avatar

      Thumpermat

      10 years ago

      I forgot to say that these rights should be at group level (and not owner).

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 years ago

      When this scenario occasionally comes up it is usually addressed by using the assigned user field. Set edit to Owner so that only a user assigned to the record can edit. Set view to Group so anyone in the group can view the record. This achieves the desired outcome almost always.

      Anything beyond that just gets crazy to maintain and support. That's when you start really looking at your business policies (and employees) and seeing what/who needs to change.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "Works really well, improves CE version greatly. Fantastic addon." - cmyatt

    Read More Reviews