Non admin acess

Guys, I need some help. I’m a beginner dev, and I need to allow a specific security group to be able to create and view users and employees. which file should I edit? I’ve already edited some files a lot and there’s always an error when entering the employees tab… how can i do this?

What are you trying to do :thinking:

I want non-administrators to be able to create, see and edit the users and employees page

I think you cannot give access to non-admin users of these.

@Jiin this might help you get some concepts

That also explains about Portal Users which might fit your case.


A final suggestion, although it’s more convoluted, is to create a dummy NewUsers module, with the basic information you need, and create a Workflow that is triggered when new records come into that module. Then on the Workflow actions you create the user in the user module. The workflow will run as administrator, so it should work.

Be mindful of security issues… it’s probably not a good idea to let random people get added as users to your CRM…

https://support.sugarcrm.com/documentation/sugar_versions/14.0/sell/administration_guide/users/#Portal_API_User

Sounds like you want to allow the HR Department Security Group to create employees, and allow the IT Department Security Group to create users ?

yes, I want users in the HR security group to have the ability to create and access users and employees. but without access to the system administration options

I managed to create a module capable of registering, but the password I set doesn’t work

Try this, and post back, let us know whether it solved your need?

Here’s how you can configure SuiteCRM to grant specific user management permissions to the HR Security Group without full admin access:

1. Utilize Roles and Modules:

  • SuiteCRM uses Roles to define user permissions for different areas of the system. You can create a custom role called “HR User Manager” or similar.
  • Within this role, grant access to the “Users” module. This allows HR users to view and manage user accounts.

2. Set Granular Permissions within the Users Module:

  • Go to the Admin panel and navigate to the Role Management section.
  • Edit the “HR User Manager” role.
  • Under the “Users” module permissions, you can set granular controls:
    • View: Allow HR users to see all user details.
    • Edit: Grant permission to edit user information like name, email, department, etc.
    • Create: Enable HR users to create new user accounts.
    • Delete: Allow them to permanently delete user accounts (use with caution!).
    • Suspend: Grant permission to suspend user accounts, effectively disabling them.

3. Restrict Other Module Access:

  • Since you don’t want full admin access, restrict permissions for other modules like Studio (customization), System Settings, and Roles (to prevent modifying other roles).

4. Assign Users to the HR Security Group:

  • Add all HR users who need user management permissions to the “HR Security Group.”

5. Consider Additional Security:

  • While Delete grants permanent removal, consider using “Deactivate” instead, which allows future reactivation.
  • Regularly review user access and consider using audit logging to track user management actions.

By following these steps, you can empower the HR Security Group to manage users and employees while maintaining control over other system functionalities.

Additional Notes:

  • SuiteCRM offers a Role inheritance feature. You can create a base role with some general permissions and inherit it for the “HR User Manager” role, granting additional user management permissions on top.
  • Remember to document these changes for future reference and maintain system security.
1 Like