I know this is a bit of an old thread, but it seems the same issue is coming up.
Like you, I was thinking that adding the security group of users to role management was the correct way to add a list of desired users to the role… but it is not the case.
It sounds like JulienB is saying that Security Groups don’t do anything on their own and that you need to assign users directly to roles rather than groups for any effect.
I followed the guides/docs.
There are 3 key steps to setting up Groups so that you work correctly.
- Create a group for each team of users and add the appropriate users to the group.
- Create a role and select Group for the access level for every appropriate cell in the grid. Assign that role to each group.
- Add the groups to records in your SuiteCRM instance. You can use the Mass Assign on the List View to do this. Going forward the groups will automatically inherit based on your SecuritySuite Settings. You can also use logic hooks, workflow, or do a direct database insert into the securitygroups_records table if doing a one-time initial setup.
If your users should only typically see their own records then the role assigned to the group would be configured to have Owner only rights. A manager who is a part of the group and who should also be able to see all records in the group would have a role directly assigned to the manager’s record that gives Group access.
The example docs (owner, managers, east/west sales teams) don’t have the sales team with direct role assignment. Only the managers and owner get direct role assignment on their users. The sales team itself are just part of a security group (Sales East/West) which has the OWNER ONLY role assigned.
Basic setup, latest version, no custom modules.
- Created an “OWNER ONLY” role called “Owner Only” (owner only across all modules)
- Created a Security Group called Sales and
  - added OWNER ONLY role to it.
  - added User1 and User2 (regular users) to it
- Default security group settings (i.e. inheritance, additive, etc.)
- List roles by user for User1 shows OWNER ONLY across the board.
- Viewing the user and clicking access tab shows same thing.
- As admin created some test leads.
- Selected all leads and mass assigned the security group Sales. Inspected these lead records and verified they ONLY have security group Sales.
- Assigned some leads to User1 and some to User2.
Logging in as User1 and User2 I can see/edit all leads, not just those assigned to the current user.
Went in and ran repair roles from admin. No difference.
So a lead record with security group Sales and assigned to User1 which has only security group Sales (Sales security group has only one role OWNER ONLY) doesn’t seem to do anything.
Did I miss something? I have read and re-read both the suite and sugar docs on this as well as some forum posts and stackoverflow stuff and I don’t see what I am doing wrong…why the securitysuite doesn’t seem to have any effect.
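An added example, not part of the original post and not SuiteCRM's own code: a read-only audit that lists every role reaching a user, either assigned directly or inherited through a security group, with the access level each role sets per module action. It runs against a constructed in-memory SQLite database that mirrors the setup described above; the table and column names, the row IDs and the numeric access levels are assumptions to check against your own instance's database.

```python
import sqlite3

# Constructed subset of the SuiteCRM ACL/SecuritySuite tables (assumed names).
SCHEMA = """
CREATE TABLE acl_roles(id, name, deleted DEFAULT 0);
CREATE TABLE acl_actions(id, category, name, deleted DEFAULT 0);
CREATE TABLE acl_roles_actions(role_id, action_id, access_override, deleted DEFAULT 0);
CREATE TABLE acl_roles_users(role_id, user_id, deleted DEFAULT 0);
CREATE TABLE securitygroups_users(securitygroup_id, user_id, deleted DEFAULT 0);
CREATE TABLE securitygroups_acl_roles(securitygroup_id, role_id, deleted DEFAULT 0);
"""
# Constructed rows mirroring the post: User1 in group Sales, Sales has "Owner Only".
DATA = """
INSERT INTO acl_roles(id, name) VALUES ('r1', 'Owner Only');
INSERT INTO acl_actions(id, category, name) VALUES ('a1','Leads','list'), ('a2','Leads','edit');
INSERT INTO acl_roles_actions(role_id, action_id, access_override) VALUES ('r1','a1',75), ('r1','a2',75);
INSERT INTO securitygroups_users(securitygroup_id, user_id) VALUES ('g_sales', 'user1');
INSERT INTO securitygroups_acl_roles(securitygroup_id, role_id) VALUES ('g_sales', 'r1');
"""
# Every role that reaches a user, directly or through a group, per module action.
AUDIT = """
SELECT src.via, r.name, a.name, ra.access_override
FROM (SELECT 'direct' AS via, role_id FROM acl_roles_users WHERE user_id = :u AND deleted = 0
      UNION ALL
      SELECT 'group:' || gu.securitygroup_id, gr.role_id
        FROM securitygroups_users gu
        JOIN securitygroups_acl_roles gr
          ON gr.securitygroup_id = gu.securitygroup_id AND gr.deleted = 0
       WHERE gu.user_id = :u AND gu.deleted = 0) AS src
JOIN acl_roles r ON r.id = src.role_id AND r.deleted = 0
JOIN acl_roles_actions ra ON ra.role_id = r.id AND ra.deleted = 0
JOIN acl_actions a ON a.id = ra.action_id AND a.deleted = 0
WHERE a.category = :m
ORDER BY src.via, a.name
"""
# Access-level values as assumed here: 90 All, 80 Group, 75 Owner, -99 None.
LEVELS = {90: "All", 80: "Group", 75: "Owner", -99: "None"}

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + DATA)
    return db

def role_sources(db, user_id, module):
    rows = db.execute(AUDIT, {"u": user_id, "m": module}).fetchall()
    return [(via, role, act, LEVELS.get(lvl, str(lvl))) for via, role, act, lvl in rows]

if __name__ == "__main__":
    print(role_sources(build_db(), "user1", "Leads"))
```

Any row whose source is `direct`, or a group other than the expected one, with a level above Owner marks a second role path worth inspecting before looking elsewhere.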