Security Configuration Question

Greetings. I am using version 7.10.10 on ubuntu linux in AWS.

Iā€™d like to create a multi-tenant version of a single instance such that I can do the following:

Company A
user 1
user 2
user 3
Company B
user 4
user 5
user 6

I would like all users in Company A to have the ability to own their own records, duh and assign items to other users in company A, in this example user 1 should be able to assign something to users 2 and 3 but not to 4, 5 and 6. Nor do I want them to be able to see the other users outside their group.

Does this make sense?

How do I go about doing this?

Thank you in advance for your information.

Charles

I think you want to setup:
Security Group A

  • Role 1

Security Group B

  • Role 1

Users in security group A will only see A stuff. You can then further adjust each moduleā€™s access in the role. Iā€™ve never done it like your asking, but I donā€™t think you can limit the choices of ā€œusersā€ just to the group. Any other module youā€™d be able to limit access. Give setting up security groups a try. As I said, I donā€™t have much use for the security group model so I donā€™t have a lot of experience with it.

Lots of youtube videos on this precise topic, but itā€™s pretty easy. Itā€™s a combination of roles and (security) groups.

You have two security groups in this scenario: Company A, and Company B.
You have just one role from what I can see: letā€™s call it ā€˜General Userā€™

Users are assigned a security group. So, user 1, 2 and 3 would be part of the ā€˜Company Aā€™ security group. 4, 5 and 6 are part of ā€˜Company Bā€™.

Now, in roles, create a role. Call it ā€˜General Userā€™. It takes some time (the screen for Roles is not pretty) but going one row at a time, the most important lines are contacts, accounts, leads, opportunities to start. Going from left to right, pull down the options to enable certain permissions. Activate for sure. Create Yes. Edit you want to restrict to ā€˜groupā€™. Delete probably ā€˜ownerā€™ (so that user can only delete their own stuff but I discourage deleting anything). Continue left to right for the record types you want to enable.

Hit save.

At the bottom of the roles page, you can select the six users to make them ā€˜general usersā€™.

Group select 1, 2, and 3 and mass edit the security group to Group A. Do the same for 4, 5 and 6 and assign them Group B.

There will be some back and forth but eventually it works and itā€™s a thing of beauty.

Remember:

  • groups are the branch and enable seeing stuff from just your branch
  • roles control what you can and canā€™t do

Later you can create a CEO roll that is a member of both groups in your example. But of course the CEO roll needs to have view all turned on ā€¦ but editing and deleting turned off! No bias against CEOs but if they can break something, they will. :wink: