Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#1741 - User with no permissions to edit is till able to add records in sub panels
I am trying to set up user accounts for an internal web development project with a bunch of custom modules. I'm working with Version 7.10.
For that, there will be user accounts with different permissions needed.
Therefore I have created a role of which users are not able to edit, delete and import. Users of this role are however indeed able to Access, Export, List and View.
When I log in with a user of this role, everything works like a charm up until the point where I enter a custom module in which sub panels are present. For some reason, the "Create" option of the sub panel is gone but on the other hand I am still able to add an entry onto the sub panel permanently. I also tried to refresh and re-log. The relationship between the two entities is indeed established afterwards.
For my purpose, this should not be possible. Yet, I do want those users to enter the details of the record from the list view. I just don't want the user to add something in the sub panel.
Is there some option I have missed?
Is there some way to handle this dynamically? Maybe to hook into the corresponding event and check the user role prior to establishing the connection between two entities? Or maybe to just disable the button at all when a user is browsing through without the necessary permissions?
Thanks in advance!
5 years ago
After creating the custom modules did you use the Hookup Tool under the Admin->SecuritySuite option panel? This will create the relationship between SecurityGroups and your custom modules correctly.
If you go to that tool and cannot see your custom module in the dropdown then it was likely created automatically by SuiteCRM instead of by using the Hookup Tool (if functionality isn't working as you are currently experiencing, that is).
This would require removing that relationship manually to make it show in the Hookup Tool correctly. Here is a general guide for manually removing relationships in SuiteCRM. Sorry that this process is painful:
http://www.ricardomalla.com/2014/12/04/sugarcrm-manually-remove-relationships/
5 years ago
Thank you for the quick reply!
What do you exactly mean by the Dropdown in the Hookup Tool? Are you referring to "Default Groups for New Records" ? I indeed can allocate certain Security Groups to the Custom Modules for new records by default, yes. If so, then I don't really understand why it would matter exactly.
Let's say I have three roles: admin, employee and extern. For brevity let's assume all of them are allocated to a corresponding security group with a similar name. The admin seems self-explanatory while an employee shall be able to edit records and an extern should only be able to read. Now,in this specific case I have not allocated the records to neither security groups nor users. Nearly everything works fine so far with the exception of being able to add records to subpanels even though no record was allocated to anything (Edit and Delete were set to "None" and List as well as View were set to "All")
What would your recommendation then be? Allocate the records to which security group then precisely? How should the roles be configured then?
5 years ago
Correction: Nearly everything works fine so far with the exception of an extern being able to add records to subpanels even though no record was allocated to anything (Edit and Delete were set to "None" and List as well as View were set to "All") and him not being supposed to edit records
5 years ago
Hi Gha,
When you created the custom modules did you then go to the Hookup Tool under Admin->SecuritySuite to add Security Group support for those new custom modules? If not, that is likely the issue here. This tool creates the relationship the correct way. Once addressed you should be able to get this working.