Admin and users with All Privileges can't see specific user's Notes/Calls/Tasks

Hello,

We’re running SuiteCRM 7.14.4 with PHP 8.2.17

We have made a user with roles set up so they can only work with their own records, in the panels that they need to.
The issue seems to be, on a given Account record, this user has made some Notes, Calls and Tasks but on the same record, the admin account as well as other users with full access do not see these records.
The oddest thing is that by going to the page of the Note, Call or Task by url the page is accessible and they have full permissions over the record.
What could be causing the DetailView specifically not to render these related records?
Logs did not suggest any PHP FATAL errors.

Can you please explain in more detail where you expect to see this, but don’t?

Which module, which view, which part of the screen…?

Of course.

I mean the detail view of the record related to the note/call/task, in this case an Account.
I expect to be able to see under the Activity and History sections the notes/calls/tasks that this limited access user has made, since the other users have all privileges over all modules.

I should clarify,
all of the tabs that I expect to be there are there (Activity, History), but the contents (in particular, notes/calls/tasks made by the restricted user - or in other words, assigned to them) are not visible to users who supposedly have full privileges over those modules (they are part of a group with a role that grants full access to all modules). However, they are able to access the DetailView of those notes/calls/tasks (i.e. no “you have no access to this resource” message) by going to the url of that record’s detailview. Also, it seems the administrator user alone can now see the activities made by the restricted user in the account’s detailview. I believe this could be an issue with security groups, as they should have been set up correctly

It could be bug. Check on the issues section.

The issue is not necessarily security groups and permissions, it could be the way that the query for the Acitivites subpanel is set up - it’s selecting which records to show, maybe someone thought that only records assigned to the current user should be there, and made the query like that. I don’t know.

On the other hand, the fact that the admin user sees more things would be a sign that it is a permissions issue. Admin users totally bypass security groups.

There are some security groups options that control how security groups are assigned, when records are created, etc. Have you tried looking at those extra options, and reading the documentation about it? I mean the detailed documents from the original add-on maker.

After further analysis of the records in question it has come to light that the client had mistakenly made two nearly identical accounts and that the privileged users were looking at the wrong one.

Do excuse the waste of time, please disregard.

1 Like

Hi,
The Following points can be followed to debug the permission issues:

  1. Check if the records (Notes, Calls, Tasks) are correctly assigned to the user. Even if the user has created these records, visibility can be affected by ownership settings.
    Ensure the admin and other users have the correct role permissions to view records created by others.

  2. If you have made any customizations to the module configurations or layout, review those changes. Sometimes, custom modifications can inadvertently affect how related records are displayed.

  3. Clear the SuiteCRM cache. Caching issues can sometimes prevent changes from appearing as expected. Use Admin > Repair > Quick Repair and Rebuild.

  4. If there are any custom modules or extensions installed, ensure they are not interfering with the rendering of related records.
    Temporarily disable custom extensions or code to see if this resolves the issue.

  5. Use log files to trace any errors that occur when loading the DetailView.