We’re using Suite to managing cases (with associated tasks, emails, documents, invoices, etc.)
We’re expanding to multiple locations. Management wants to be able to see all cases for all locations but have employees at each location only see the CRM case records (and associated records) that are associated with that location.
It seems we could use the Account as the Office Location and then would need to customize the user module to allow for specifying one or more accounts the user has permissions for then modify all the modules we use to check the associated account and if the user doesn’t have permissions for that account don’t show the record to them.
Is there an add-on that does this? It seems a multi-office environment like this would be a pretty common scenario. I suppose the other solution would be to have each office have their own CRM instance and then just create custom reporting for management. But the problem is there are “super users” that may need to view/edit records from different offices and having them login and logout of each office’s CRM instance would be not the right solution.
But what about when a new case is created? Will the case and the parent account that is created automatically be assigned to the security group that the user belongs to?
What about if the user is a “Super User” that needs to see all cases. Can they be assigned to multiple security groups? What security group is the case and parent account assigned to when the super user creates a case?
I am not so sure the security groups function has all the capabilities necessary to produce the desired functionality?
So I setup two roles, techs and client managers and assigned users to them. The techs serve all clients so they get to see all records. The account managers should only see the records for their clients (there are only two clients) BUT managers can access more modules than techs.
When I go into the Security Groups, you can configure associated users and roles. I thought that since users were in the tech role, they would be part of the security group if I added that role. But apparently that’s not how it works. So what happens if the users is assigned to a role and to a security group, and in that security group the user and role is also assigned there? I can’t see why you would have a user that is assigned to a security group but not assigned to a role?
So is this the correct way:to setup it up. Setup two roles, elevated (most modules) and regular. Assign the techs to the regular role and the managers to the elevated roll.
In security groups, assign the techs to both client groups and the managers to only their client’s group. Don’t assign any roles to the security groups as I need the roles to be tied to the users not the groups.
Managers have more role privledges than techs. (So I assume I need two roles, and managers is assigned to both of them).