Help with Security Groups - Strict Rights

Hi, I believe the option for Strict Rights in Security Groups is not working properly.

I have checked Additive Rights and Strict Rights and unchecked everything else.

Then I creates 2 roles:

  • opps_no_edit, users can list and see details of their own opportunities, but can’t edit.
  • opps_edit, users can edit their own opportunities, the rest is not set

Finally, I created 2 security groups,

  • no_edit, including the opps_no_edit role and the user John
  • can_edit role, includind the opps_edit role and the user John

Very well, what I would expect is that when I create an opportunity and assign it to the user John and assign security group no_edit, John can list and see details of such an opportunity, because the Strict Rights is checked, but can’t edit it, because the can_edit security group is not set to this opportunity.

Then, if I assign the can_edit security group to this opportunity, John should be able to edit.

The case is: John is always able to edit the opportunity, no matter if strict rights is checked or unchecked.

I believe John should not be able to edit the opportunity unless the can_edit group is assigned to the record.

I am missing something here?

Could this be because John is the Owner of the Opportunity, after you assign the Opportunity to him? TRy unassigning him.

This depends on how you set up the roles (owner, group, etc)

I described the roles and groups setup in my post. It’s not because John is the owner. If I uncheck additive rights or if I remove John from can_edit group, then John isn’t able to edit the opportunity.

According to my understanding, if strict rights is checked, then only record explicitly assigned to a certain group gets the rights of that group to that user.

Anybody can advice?

This doesn’t tell me in detail how you did it. I’m trying to look for something that might give me an idea to give you a suggestion…

I am not a specialist in Security Suite options. For example, I never tried changing the option “strict rights”.

If my help doesn’t take you anywhere, you might try asking here

even if you don’t have the payed version you might be lucky to get an answer from the author of that code.