Roles Restriction - Leads "assign to" across team members

Dear Team,
I have a following Hirerchi,
Two Security Group with 2 Associates and 1 Manager each

Roles: Associate ( Access - Enabled )
( Delete - None )
( Edit - Owner )
( Export - Not Set )
( Import - All )
( List - Owner )
( Mass Update - Not Set )
( View - Owner )

[b]Manager[/b] ( Access - Enabled )
	 ( Delete - None )
	 ( Edit - Group )
	 ( Export - Not Set )
	 ( Import - All )
	 ( List - Group )
	 ( Mass Update - Not Set )
	 ( View - Group )

From the Associate login, While I’m tring to “Assign to” Lead to any other Associate of Same/Different Group, I’m getting “You do not have access to this area. Contact your site administrator to obtain access. Redirect to Home in seconds” Page. But the lead is transferred to the respective associate. Lead transfer should not be happen in my case.

How do I restrict any Associates from “Assigning to” Leads to other Associates of the same/different group. And, manager of the same group should have access to “Assign to” leads between the associates of the same group, but not to other groups.

There is a known issue, which is hard to fix, and I think that is what you’re getting: when you do an operation that you have access to do, but that the operation itself provokes that you lose access, the operation runs, but you see an error because it can’t navigate to the detail view afterwards. I think this is what you’re getting.

About your other question: “assigning to” is in fact simply “editing” the record, changing the “assigned to” field. So if you give someone access to edit a record, you give them access to assign that record to other users. You would need field-level security to restrict that field only, but SuiteCRM only does record-level security out-of-the-box.

This kind of specific requirement is normally achieved through code-customizations.

To work around this, if you don’t want to customize code, you could try moving the records around people only by assigning them to Security groups, not via the “owner” mechanism (which relies on the “assigned to” field).

Thank you very much for the suggestion. Please consider as a request to fix such issue at the earliest.

On other hand, please elaborate, “To work around this, if you don’t want to customize code, you could try moving the records around people only by assigning them to Security groups, not via the “owner” mechanism (which relies on the “assigned to” field).”

:slight_smile: how do you suggest that it is fixed? That’s the tough part. Maybe it needs to be like this, if you’ve removed access, you’ve removed access…

To elaborate: I always set up my Roles like this:

https://docs.suitecrm.com/user/security-suite-groups/#_a_typical_hierarchy_setup

Then, if you work with the “Group only” roles, you don’t rely on ownership (assigned to fields). So you just assign/remove the appropriate groups to the Leads in order to make different people access them, or to revoke access.

Note that you can assign multiple Groups to each record - one to control access for Managers, another for regular users, for example - which makes the mechanism powerful and flexible.

1 Like

Okay. Thank You. I shall follow the same to make to better.