Made a role but the member still have the full permissions? 😕

So I made a new role, set the access permitted etc:

and then added that role to the appropriate members, but when you go into the individual users page you can see that they still have full access:

The user is set to “regular user

Suite CRM version:

So what am I missing here? :thinking:

Thanks in advance.
Kind regards

Do they have other roles that might be giving them more access?

I have only given the user this role. He is a “Regular user” though.


What do you get when you click “List roles by user” from the left-hand menu, when inside “Role management”? Then select “Alex …”

Do mean this view?

I sent you a private DM @pgr with a gif recoding.

Kind regards

Could you try to change access column to disable in your Executive role and then check for a user?

  • Use the Access column to determine whether users can access each module:
Enabled Users have access to this module
Disabled Users will not be able to view records for this module.
  • Use the Delete, Edit, Export , Import, List, Mass Update and View columns to determine available record functions for users:
Group Gives users access to all records assigned to members of the same group.
Owner Gives users access only to their own records.
None Users will not have access to this function for this module.

Click SAVE Once saved, access rights are color coded for ease of reading.

So that is why the role´s permissions on the user does not execute? :thinking:
(Because the other roles are not defined/disabled?)


I think, that’s a reason your user still able to see all modules.

1 Like

Ok, I will test that.

Thanks a bunch. :facepunch:

And can we share a screenshot of your Security Suite Settings? Do you remember changing any of those options from the defaults?

No, that was from the executive role (which was blank).

So you were correct @rsp
if they (the role) is not defined as “Not set” in the new user/member role permissions it is not executed but they remain enabled. After I changed to “Disabled” the "magic" happened.

I think I might ran into an issue with my configuration of the role permission as I am seeing this warning message:

Does anyone of you guys know with permission that controls 2FA and the ability to edit it, (On user level - e.g. so they can configure it for their own user)?

Also I cannot get the “Group email inbox” to be displayed in the users account:

Emails are set to enable in the “executive role” which I made:

However if I add the user as a “System administrator” the group inbox does show up:
which I find a bit odd, but I suppose that has to do with permissions? :thinking:

Also allow users to use the group inbox (In inbound email admin settings), does not seem to do a difference:

Am I missing something here/ done something wrong with the configuration too?

Thanks in advance
Kind regards

1 Like

Any ideas guys? :thinking:

Thanks in advance for the help! :heart:

Kind regards

Sorry, I do not have any idea about that.

Thanks for replying though! :+1:

Hopefully someone here knows more about this.