"list view" column chooser ignores roles

paganini · 9 April 2020 13:55

Hello
I’m trying to setup security groups in the following way
Group1 - with attached role with access to own records only
“group admin” - with additional role attached directly to the user with Group access + list view for any other records

Group2 - all the same etc

all works as expected, but I found a security problem

even though “group admin” cannot open a record made by other groups from the list view, its possible to access any data by selecting columns

is it a bug, or I configured it incorrectly?

I know I can hide columns completely in Studio, but I was hoping to give users flexibility on this

crmspace · 9 April 2020 14:55

Hi,
I guess this is normal behavior. To deal with that issue:

a) remove the columns they shouldn’t see from the “available” area in the studio
b) remove access rights to get these objects shown in listview completely

if you want people to access the DetailView, but hide specific fields depending on a role/group, you will need to customize your views or install 3rd party plugins.