Users vs. Groups vs. Roles and their interaction

We’re fairly new to SuiteCRM at our business (great CRM by the way!), I’m not new to IT, SQL, and databases.
With that in mind:

I’m trying to get a better grasp of how some of the security entities in SuiteCRM interact. I’ve viewed all the videos and tutorials out there (almost all for SugarCRM, similar, but not identical to SuiteCRM). I’ve read the book “Administering SugarCRM”, that being the only book I could find that dealt with the administrative side of SuiteCRM (well, SugarCRM, but close enough).

Our organization deals with leads, which may get promoted to Customers, or become Dead Leads. After we are done with a customer they go to the Finished-Installs table (or ‘module’ to use SuiteCRM terminology). We have adjusted the Leads module in SuiteCRM, and created Customers, Dead Leads, and Finished-Installs modules with similar entries as Leads.

On the personnel side we have sales people, admin people, IT people, and management, they all have accounts in SuiteCRM.

I understand that Security Suite Group Management deals with groups that control column level access in the Role section). This is where things get a little foggy though: I have set up a number of groups (Sales/IT/Admin/Management) and added the appropriate users to each group. In the Role Management section I’ve created similar roles (Sales/Admin etc.). For example under Sales I’ve added the user accounts involved in sales (and they are also in the Sales group), and in the Role setup screen I’ve set ‘View’ and ‘List’ to Group.

What is the difference between adding users to a group vs. adding users to a role? Does the “Group” choice for a column mean that the users listed under that role are matched to a group, and that group has then access to a record? For example, if ‘Edit’ is set to ‘Group’, do the users listed under the Role (at the bottom of that page) have edit access, or the group these users belong to? Or other users not listed under the Role screen but members of the same groups as those listed? Unfortunately all the examples for SugarCRM don’t have the ‘Group’ choice for their access rights, making it hard to pin down how this is supposed to work.

In the Group Management screen, when creating a group, there’s an entry for “Roles” at the bottom of the group setup. What is this supposed to do? When I select a role here, what effect does this have on access? Again, SugarCRM doesn’t seem to have this entry and none of the examples and videos discus it.

I understand that visibility of a record is determined by ownership of that record (“Assigned To” …). Does this work at the group level? So, if a user is a member of a group, do all the other group members have visibility too? If not, how do I set things up where other group members see the records?

Can I set ownership of a record to a group? I saw the entries in Security Settings for “Default Groups for New Records”, and I’ve set it so new records are associated with the Sales and Admin groups. Does that mean I can now use the “Group” selection in the Role setup screen, and all those group members will be able to see (and perform the selected Role functions) on those records?

We already have a number of records in the Leads/Customers/Dead-Leads etc. modules/tables. If the above access mechanism works by groups I’d like to re-assign those records to the right groups. However, there doesn’t seem to be a way to change the assignment of records: If I go to Leads, select all the records in there, there is a “Security Groups Mass Assign” option. When I select a group (and it seems only one group can be assigned) and click “Assign”, I get a blank screen with just the SuiteCRM menus at the top. Nothing happens after that. Nothing seems to get assigned either it seems, as the sales people cannot see all their records when ‘View’ is set to ‘Group’ in the role (and they are group members).

When going to the Customers module/table, and when I select all the records there, it does not have any option to re-assign these records to a group (or even an individual). The Customers module is one we made, as are the others except for Leads. Should there be a mandatory field included in each module for ownership to work?

That is about it for now. As you can tell I’m struggling with the overall, higher-level overview of how the various security entities are supposed to interact, and at a lower level how the entries on the various setup pages accomplish this. Any help and explanation would be very much appreciated! (A good manual for SuiteCRM would be fantastic too!)

Thank you!

Rob Beckers

Anyone that can enlighten me?

I can’t be the first one trying to sort out the security features of SuiteCRM, and I’m fairly certain others are struggling with the same, so an explanation would benefit not just me.

Anyone that can help with this, thanks in advance!

Rob Beckers

Here are a couple of YouTube videos that might help. Some While screens are different.

In this video is shows how you can set an entire column of settings by clicking the top row, a big time saver!. I didn’t know you could do that until I watched this video.

This video refers to:
Teams, SuiteCRM calls them Security Groups
Team Notices don’t exist in SuiteCRM

Hope these help.



Anybody knows the difference between users and employees ? Anytime I create an user, it automatically creates an employee, and vice versa.

Don’t really understand why we have these two modules.