Greetings. I am using version 7.10.10 on ubuntu linux in AWS.
Iād like to create a multi-tenant version of a single instance such that I can do the following:
Company A
user 1
user 2
user 3
Company B
user 4
user 5
user 6
I would like all users in Company A to have the ability to own their own records, duh and assign items to other users in company A, in this example user 1 should be able to assign something to users 2 and 3 but not to 4, 5 and 6. Nor do I want them to be able to see the other users outside their group.
Does this make sense?
How do I go about doing this?
Thank you in advance for your information.
Charles
I think you want to setup:
Security Group A
Security Group B
Users in security group A will only see A stuff. You can then further adjust each moduleās access in the role. Iāve never done it like your asking, but I donāt think you can limit the choices of āusersā just to the group. Any other module youād be able to limit access. Give setting up security groups a try. As I said, I donāt have much use for the security group model so I donāt have a lot of experience with it.
Lots of youtube videos on this precise topic, but itās pretty easy. Itās a combination of roles and (security) groups.
You have two security groups in this scenario: Company A, and Company B.
You have just one role from what I can see: letās call it āGeneral Userā
Users are assigned a security group. So, user 1, 2 and 3 would be part of the āCompany Aā security group. 4, 5 and 6 are part of āCompany Bā.
Now, in roles, create a role. Call it āGeneral Userā. It takes some time (the screen for Roles is not pretty) but going one row at a time, the most important lines are contacts, accounts, leads, opportunities to start. Going from left to right, pull down the options to enable certain permissions. Activate for sure. Create Yes. Edit you want to restrict to āgroupā. Delete probably āownerā (so that user can only delete their own stuff but I discourage deleting anything). Continue left to right for the record types you want to enable.
Hit save.
At the bottom of the roles page, you can select the six users to make them āgeneral usersā.
Group select 1, 2, and 3 and mass edit the security group to Group A. Do the same for 4, 5 and 6 and assign them Group B.
There will be some back and forth but eventually it works and itās a thing of beauty.
Remember:
- groups are the branch and enable seeing stuff from just your branch
- roles control what you can and canāt do
Later you can create a CEO roll that is a member of both groups in your example. But of course the CEO roll needs to have view all turned on ā¦ but editing and deleting turned off! No bias against CEOs but if they can break something, they will. 