questions about group users in general

Hi everyone,
I have a question regarding user groups (I’m not talking about security groups and roles). I’d like assign a group of users to a task or to an account, and I’ve created a new group user in the user management section (/index.php?module=Users&action=EditView&usertype=group&return_module=Users&return_action=DetailView)

I set up the name, status = active and added the mail addresses of two already existing user (pls see attached screenshot).

I’d like to ask some questions regarding the feature:

  • those mentioned mail addresses are getting mail notifications -> ok
  • the users who are within that user group can’t see the accounts I assigned to them (security role allows only to see accounts that are assigned to the current user) -> is this how this feature should work? Its quite odd that I’ve created a group user and could assign objects to him but the connected users cant see them (ofc I know I could work with security groups here - but that makes things extremely inconvenient)
  • those users can filter for “only my items”, but items that are assigned to the group user arent visible then as well

therefore: is the group user really only meant for mail notifications? how would you suggest to assign a task to multiple users?

thanks in advance,

From what I can see, It seems that in fact this feature is only intended for emails.

Why not use the Security Groups - they’re exactly meant for this. What exactly do you mean when you say they’re “extremely inconvenient” for your case?

I know that I can set up the visibility of objects with security groups (we are using them already). But we do not want end users to be able to add security groups themselves (to keep the rights management as clean as possible), and since we don’t know in advance which users the current user will choose, we can’t create the security groups in advance either.

So, use case:
I have a task that has to be completed by two people that usually dont work together, so no existing security group can be reused. Additionally, I’d like both users to have this task shown as “theirs” (filter “my items only”), so it wont be ignored (often people tend to ignore tasks if they are not assigned to them directly).
But I guess this would require multiple “assigned to” fields…

And btw: I wrote “extremely inconvenient” because I believe solving this issue with security groups is not the best idea. Out of my perspective, they are intended to encapsulate the rights management, not business use cases like this one. I believe mixing those topics is usually nothing to be recommended.

Using Security groups for business purposes is quite standard in SuiteCRM. Don’t let the name “Security” fool you. Sure, you can build your security on it, but it’s also the most powerful and expressive mechanism to control flow of records among users and throughout processes. It’s also complicated, sometimes, because of this power.

I would definitely do the task that is meant for 2 users using security groups. Then I would adjust the filters. You don’t need to use “My items” dashlets and list views necessarily in the way they come out-of-the-box. You can adjust them to show everything that the user can view, and then have your restrictions come from security groups (group-level, not owner-level).

Also, note that Security groups can be combined additively. So if you don’t have a ton of users, you can have a security group for each one (by himself), and by adding two of these groups to a record, you effectively give access to two people, and you don’t have to worry about forming lots of user groups to express every possible combination of users that could ever need to work together.

1 Like

Hi pgr,
thanks for your reply. I totally understand your argumentation and see how this would solve our issue.

Problematic is that people really rely on the “assigned to” field. Right now people are able to see a subset of all tasks that are in the system, but not all visible tasks are to be completed by them. Thats why a “n:m-assigned-to-field” would be really useful (just like mails where you can enter multiple addresses per contact).

But in summary: best approach is suggested, will try to convince my colleagues. Ty!

There have been several interesting discussions here before, about the multiple assignment issue. The main idea behind single assignments is that responsibility needs to be personal, or it’s not responsibility at all. If you assign to 2 workers, eventually the day will come when one will be blaming the other, and vice-versa.

So the assignment mechanism needs to be individual to retain its force; obviously, you might need to complement it with other processes to manage team work.

I guess this makes some sense, although it probably doesn’t apply to all cases - I also understand the reasons to argue for multiple assignments.