I needed guidance on setting up permissions for a specific scenario.

We are using SuiteCRM version 7.10.4. I have admin access to the application but not the server it's installed on, so if additional information is needed, I can find out.

Currently, the way the system was set up was for each salesperson to also have a corresponding security group (we use SuiteCRM where Teams = Security Groups). All of their accounts are then assigned to the security group; however, the role that defines their permissions is assigned directly to the user. The group does not have a role. This has worked up until now.

We now have an add-in that needs to read a configuration document published by the admin (me) from the Documents module. It requires read access (enabled and “View”) to Documents and Security Groups Management. I thought I could create a new security group, assign it a new role with these modules enabled and View = Group and then add users to the group to give them access but this does not work.

I then tried to remove all roles assigned directly to the user, assign the sales role to the user’s individual security group and then assign the new security group for the add-in, which already had its own role assigned. When I checked under Role Management > List Roles by User, this appeared to work as I could see the elevated access for Documents and Security Group Management. I did this all using a test user, so I then signed in as that user and tried to access a document that I had assigned the new security group to, but the user could not see it. I also tried setting View & List to “All” for the role in the new security group that is assigned to the Document but my test user still cannot see it.

It appears that assigning roles to security groups just does not work. What am I missing here? Thank you in advance!

Hi,
Are all the records and documents previously there in the CRM?
So you created the roles/Groups and assigned them after creating all the stuff?

I think you need to put related entries into the “securitygroups_records” table manually for the related records.
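
Added example, not part of either post above: a read-only query that checks, before any manual change to “securitygroups_records”, whether each Document is linked to the add-in's group and whether the test user is a member of that group. The table and column names assume a stock SuiteCRM 7.x schema, and `ADDIN_GROUP_NAME` and `TEST_USER_NAME` are placeholders to replace.

```sql
-- Read-only diagnostic; it changes nothing.
-- Assumption: stock SuiteCRM 7.x table and column names. Confirm them on
-- your instance (for example with DESCRIBE securitygroups_records) first.
-- Placeholders: 'ADDIN_GROUP_NAME' (the new security group) and
-- 'TEST_USER_NAME' (the login name of the test user).
SELECT d.id            AS document_id,
       d.document_name,
       sg.name         AS security_group,
       -- Is there a live link row between this document and the group?
       CASE WHEN sgr.id IS NULL THEN 'no' ELSE 'yes' END AS record_linked_to_group,
       -- Is the test user a live member of the same group?
       CASE WHEN sgu.id IS NULL THEN 'no' ELSE 'yes' END AS user_in_group
FROM documents d
CROSS JOIN securitygroups sg
LEFT JOIN securitygroups_records sgr
       ON sgr.record_id        = d.id
      AND sgr.module           = 'Documents'
      AND sgr.securitygroup_id = sg.id
      AND sgr.deleted          = 0
LEFT JOIN users u
       ON u.user_name = 'TEST_USER_NAME'
      AND u.deleted   = 0
LEFT JOIN securitygroups_users sgu
       ON sgu.securitygroup_id = sg.id
      AND sgu.user_id          = u.id
      AND sgu.deleted          = 0
WHERE d.deleted  = 0
  AND sg.deleted = 0
  AND sg.name    = 'ADDIN_GROUP_NAME'
ORDER BY d.document_name;
```

A role set to “Group” only grants access to a record when both columns read `yes` for that document; a `no` in `record_linked_to_group` identifies the records the reply above is referring to.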