Security Suite group and Roles

Hello everyone and happy new year.

I have an issue with SuiteCRM, I’m trying to achieve something but I don’t know if it’s possible.

We have multiple users on our SuiteCRM: one like a manager who can see everything, and another user who has a restricted view of SuiteCRM.
I tried to create a role and add the role to a group to manage the view of the modules. But does it imply adding each record to the group? Because if it is like that, even with the mass add security group, any time we create a new record, we have to add the record to the group, otherwise the record will not appear for the user. That can be complicated.
I wanted to know if we can manage the view only with a role? Because the role is connected to the user and I think it does not imply adding each record to the role, right?
In that case, will it be a view for only Assigned to record?
If I have another user that needs the same restricted view, but to be able to see the records of the other user that has that role, can it be possible only with a role or only with a security group?

Thank you for your time and understanding. I’m quite new to SuiteCRM and I still have some difficulty understanding some security aspects of it.

Best regards

Sarah JS

Security Groups and Roles SuiteCRM Part 1

Security Groups and Roles SuiteCRM Part 2

Security Groups and Roles SuiteCRM Part 3

Yes, but my issue is:
I create a group Sales, for example, then I create a role Sales and I attach this role to the group.
I add user A and user B to the group and I edit the role to group view.
Why can user A not see the account of user B, for example?
Is it mandatory to add every record to the group to make this happen?

Have you read this page?

There are 3 key steps to setting up Groups so that you work correctly.

  1. Create a group for each team of users and add the appropriate users to the group.
  2. Create a role and select the appropriate access levels. Assign that role to each group.
  3. Add the groups to records in your SuiteCRM instance. You can use the Mass Assign on the List View to do this. Going forward the groups will automatically inherit based on your SecuritySuite Settings. You can also use logic hooks, workflow, or do a direct database insert into the securitygroups_records table if doing a one-time initial setup.

This “SecuritySuite Settings” will probably answer your question.

Additive Rights

User gets greatest rights of all roles assigned to the user or the user’s group(s)

Strict Rights

If a user is a member of several groups only the respective rights from the group assigned to the current record are used.

New User Group Popup

If this is checked, a Security Groups popup will open when a new user is created, allowing you to add the user to a security group(s)

User Role Precedence

If any role is assigned directly to a user that role should take precedence over any group roles.

Filter User List

With this selected, non-admin users can only assign records to users who are in the same group(s)

Use Creator Group Select

Adds a panel to a record creation screen if a user is a member of more than one inheritable group that allows a user to select one or more groups (that the user belongs to) that should be associated with the newly created record. If a user is in just one group the normal inheritance rules will instead be applied.

The new record will still inherit from the Assigned To user or Parent record if these options are set. This setting only overrides the Created By setting.

Inherit from Created By User

The record will inherit all the groups assigned to the user who created it.

Inherit from Assigned To User

The record will inherit all the groups of the user assigned to the record.

Other groups assigned to the record will NOT be removed.

Inherit from Parent Record

E.g. If a case is created for a contact the case will inherit the groups associated with the contact.

Inbound email account

Locks down inbound email accounts in the email client to only list those that belong to the same group as the current user.

Default Groups for New Records

Set groups that should always be attached when a specific module record is created, e.g. you can set a group to be assigned to all newly created Account records.

Please let us know if it solves your issue.
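The effect of step 3 on a role set to Group access, as an added example that is not part of the original posts or of SuiteCRM's code: a simplified model in which a user sees an account only if it is assigned to them or it is linked to one of their groups in `securitygroups_records`. Only that table name comes from the thread; the other tables, the column subset and the sample ids are assumptions constructed for the demo.

```python
import sqlite3

def build_demo_db():
    """Constructed sample data: users A and B share group 'sales', one account each."""
    conn = sqlite3.connect(":memory:")
    # Simplified, assumed schema: a real install has more columns per table.
    conn.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY, name TEXT,
                               assigned_user_id TEXT, deleted INTEGER DEFAULT 0);
        CREATE TABLE securitygroups_users (securitygroup_id TEXT, user_id TEXT,
                                           deleted INTEGER DEFAULT 0);
        CREATE TABLE securitygroups_records (securitygroup_id TEXT, record_id TEXT,
                                             module TEXT, deleted INTEGER DEFAULT 0);
        INSERT INTO accounts (id, name, assigned_user_id) VALUES
            ('acc-a', 'Account of A', 'user-a'),
            ('acc-b', 'Account of B', 'user-b');
        INSERT INTO securitygroups_users (securitygroup_id, user_id) VALUES
            ('sales', 'user-a'), ('sales', 'user-b');
    """)
    return conn

# Group-level access: own records, plus records linked to a group the user is in.
VISIBLE_SQL = """
SELECT a.id FROM accounts a
WHERE a.deleted = 0 AND (
    a.assigned_user_id = :uid
    OR EXISTS (
        SELECT 1 FROM securitygroups_records r
        JOIN securitygroups_users u ON u.securitygroup_id = r.securitygroup_id
        WHERE r.record_id = a.id AND r.module = 'Accounts'
          AND r.deleted = 0 AND u.deleted = 0 AND u.user_id = :uid))
ORDER BY a.id
"""

# Audit query: accounts no group can see, i.e. records that missed inheritance.
UNGROUPED_SQL = """
SELECT a.id FROM accounts a
WHERE a.deleted = 0 AND NOT EXISTS (
    SELECT 1 FROM securitygroups_records r
    WHERE r.record_id = a.id AND r.module = 'Accounts' AND r.deleted = 0)
ORDER BY a.id
"""

def visible_accounts(conn, user_id):
    return [row[0] for row in conn.execute(VISIBLE_SQL, {"uid": user_id})]

def ungrouped_accounts(conn):
    return [row[0] for row in conn.execute(UNGROUPED_SQL)]

def attach_group(conn, group_id, record_id):
    """Link a record to a group (what Mass Assign or inheritance does, simplified)."""
    conn.execute("INSERT INTO securitygroups_records (securitygroup_id, record_id, module)"
                 " VALUES (?, ?, 'Accounts')", (group_id, record_id))
```

Running the ungrouped-records query periodically shows which records were created before the inheritance settings were enabled and still need a Mass Assign.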

Thank you. I read the page and yeah, it seems that if you use Security groups, you have to have the records in the group.
And from what I read, I understood that roles cannot be used to see a group of people's records, it can only assign views for group or assign to records.
So, it seems either my team adopts the group solution or the view they are asking for will not be possible.

If you activate these options in Admin > Security Suite Settings, these should go a long way to solving your issue, if not solve it completely. Post back and let us know.

Filter User List

With this selected, non-admin users can only assign records to users who are in the same group(s)

Use Creator Group Select

Adds a panel to a record creation screen if a user is a member of more than one inheritable group that allows a user to select one or more groups (that the user belongs to) that should be associated with the newly created record. If a user is in just one group the normal inheritance rules will instead be applied.

The new record will still inherit from the Assigned To user or Parent record if these options are set. This setting only overrides the Created By setting.

Inherit from Created By User

The record will inherit all the groups assigned to the user who created it.

Inherit from Assigned To User

The record will inherit all the groups of the user assigned to the record.

Other groups assigned to the record will NOT be removed.

Inherit from Parent Record

E.g. If a case is created for a contact the case will inherit the groups associated with the contact.

Inbound email account

Locks down inbound email accounts in the email client to only list those that belong to the same group as the current user.

Default Groups for New Records

Set groups that should always be attached when a specific module record is created, e.g. you can set a group to be assigned to all newly created Account records.

It solved my issue. Thank you. I didn’t see the group inheritance in the security group settings. Like that, I can manage visibility without having to fear that a record has been lost because there is no group attachment on the record.
