by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Cancel at any time!
Free Trial

#1244 - Normal users with full access to users module can't list users

Closed Bug? created by info50 2 years ago

We have a role "admin" for Normal users (assigned directly) with full access to users module (admin + dev set in the access type column). It is set also with all the other columns in full access.

The users in that role can edit other users, like the admin, accessing to ther edit view (i.e. URL//index.php?module=Users&action=EditView&record=1) but can't see any user in list view.

We already did the "repair an rebuild" and the "repair roles" actions.

Our Suitecrm version is 7.8.20

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    2 years ago

    Hello,

    A couple of questions to help me debug this. Can you list any other add-ons that you have installed? Are you using the "login as" feature for that user having troubles on the list view or did that user log in normally?

    Thanks!
    -Jason

  2. info50 member avatar

    info50

    2 years ago

    Te user log in normally. And We have just a language pack installed, a theme that actually we don't use and other plugin made by ourselves. We have tried to uninstall those add-ons and the problem still persists.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      Thanks! This helps. I will take a look today and follow up here.

  3. eggsurplus member avatar

    eggsurplus Provider Affiliate

    2 years ago

    A possibility here is that under Admin->SecuritySuite Settings the "Additive Rights" option is unchecked. If the user is assigned to multiple roles, having this unchecked will restricted the user to the lowest rights across all roles assigned either directly to the user or through any groups that the user is assigned to.

    With that said, I'm unable to replicate this behavior on the list view on a clean 7.8.20 install with SuiteCRM_7.8.20_SecuritySuite_v3.1.11.zip installed. Is this the version you have installed as well?

    This is what the role looks like:
    Screenshot 2018-06-28 09.28.38.png

    And this is assigned directly to a user. When logged in as that user the full list view of users shows:
    Screenshot 2018-06-28 09.32.17.png

    Could it be the Additive Rights option? If not, I wonder if there are any customizations that may be conflicting here.

  4. info50 member avatar

    info50

    2 years ago

    We post you the full procedure:
    1 modules installed.PNG
    2. Admin rol config.PNG
    3. User asigned directly to role.PNG
    4. We access as that user and we go to user management.PNG
    5. We can't see  any user.PNG
    6. Howeverwe we can access to admin.png
    7. This is our sercurity suite config.PNG

    Its weird because we can create new users, but then we cant see them into our listview.

    We don't see any php errors in the logs by the way.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      Could Eric have a search filter in use on the Users list view? Try clicking on the filter icon and seeing if you can clear all of the filters.

  5. info50 member avatar

    info50

    2 years ago

    No filter set. If we set "Not set" instead of "Enabled" in the user module, we see "Currently has no saved records CREATE or import one now". even if we create some users in from the Eric account. Should we reinstall security suite?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      It is possible that some files didn't copy over during install. This typically happens due to file permission issues that prevent copying. I suggest at least temporarily setting permissions to 755 and then rolling it back to what you had after install.

      To reinstall we will have to trick the Module Installer. Unzip the install package, edit manifest.php, change the version number to something like 3.1.11a, save, and rezip the package so that manifest.php is in the root directory. This should now be able to be uploaded and installed.

      Let me know if you have any questions. If this doesn't work I may need temporary access to both the server and an admin account for SuiteCRM.

  6. info50 member avatar

    info50

    2 years ago

    I found out the problem. It was the "Filter User List" directive checked in the configuration of the security suite. If checked, even if the user has all the permissions in his role, he cannot list users. If it is not selected, the users list is visible. I must say that the user does not have any group assigned, but if I assign him a group, I can see the users of his group (which is him only at this moment). Anyways he is still able to access to every user from editview.

    Is this a normal behavior? Can you reproduce that?

    Thank you.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      You found the problem. I'd expect that setting to not matter in this scenario. I'll work on a fix and make that available to you as soon as it is ready.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      A new 3.1.12 version that fixes this issue has been uploaded to your purchases at https://store.suitecrm.com/orders. Install on top of the existing install. Do not uninstall first. For good measure run the following after install:

      1. Quick Repair & Rebuild
      2. Rebuild Relationships
      3. Repair Roles

      Let me know how that package works for you.

  7. info50 member avatar

    info50

    2 years ago

    Hello, the new release seems to be working well. We will notify you if we find any problem. Thank you very much.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      That's great to hear! I'll close this out for now. Feel free to follow up here as needed or by creating a new case. I appreciate your reporting and help on this issue.

  8. info50 member avatar

    info50

    2 years ago

    Hello, how are you doing? We still need a solution fot this.

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      2 years ago

      Hello.

      I read through our conversation thread here and it was confirmed resolved a couple of months ago with the 3.1.12. If things have reverted then a setting changed that caused it to no longer work. Reading through previous comments, it may be the Filter User setting or some sort of additive rights scenario.

      Hope this gives you some ideas to try.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
  • "The add-on itself was already a must for my SuiteCRM, which was missing this very important security feature. However, what surprised me the most was ..." - Davint

    Read More Reviews