Hi,
Am trying to figure out how to set up security for the dashlet “Opportunity By Month”.
Basically, we have 2 sales teams (GroupA, and GroupB ). Each group has 3 salesmen setting up their own opportunities. We would like to have each member of the same team view their team opportunities, but not those of the other team.
Currently, we have setup SuiteCRM as follows:
a. Roles:
- Role_A - Users=UserA1, UserA2, User A3; SecurityGroups=GroupA
- Role_B - UserB1, UserB2, UserB3; SecurityGroups=GroupB
- Permission Opportunities = Delete, Edit, List, View = Group; Export, Import, MassUpdate=Disabled
b. Groups
- Group_A: Users=UserA1, UserA2, User A3; Roles=Role_A
- Group_B: Users=UserB1, UserB2, UserB3; Roles=Role_B
We face the following situation.
When Permission for Opportunities: Delete, Edit, List, View = Owner
- Users can only view their own opportunities, which is fine, BUT, they are able to view all opportunities in the “Opportunity by Month” dashlet
When Permission for Opportunities: Delete, Edit, List, View = Group
- Users can view opportunities from their own group AND opportunities from the other group, which does not seem right.
Perhaps I am not setting the parameters right.
Apologies for the long post, but if someone can advise me what I am going wrong, it would be much appreciated.
Steven
Hi Steven,
On the admin page is a link for Security Suite Settings. What is chosen there can make the same group membership and role settings behave in different ways.
Cheers
Bruce
I have tried different combinations of the security settings but do not seem to get a combination that does what I need.
eg. To setup such that members of a group view only their own opportunities and not anyone else. I use
Roles: Opportunities view settings = “Group”, and include the security group
Groups: Include members of the group
However members of the groups can view all opportunities and it is not restricted to only their groups settings.
Am getting quite confused…
Create a default group called (say) “Default Group” which has a Role called (say) “Default Role” assigned to it with no rights to anything. ie: All columns are red.
Then go to “Security Suite Settings” and make it so the only thing not checked in the top panel is “New User Group Popup”.
Then, down the bottom in “Default Groups for New Records”, make all new users have the group “Default Group” and, obviously later assign that group to any existing users (except admins).
The process thus far, takes away the default behavior that everyone can see everything and sets the scene for additive security to work.
You can now add a Role to your user that has as many (usually group) rights, to as many objects, as you want.
Cheers
Bruce
3 Likes
Thats a good approach.
I should then be able to adjust the security settings accordingly.
Thanks
I have tested several scenarios, and I think that there is an issue.
These are the simplest steps to recreate the issue.
- Create some opportunities with different value amounts.
- Create a “Test” role. Set all permissions for the role to “None”
- Enable “Opportunities” and Set permissions for “List” and “View” to Group permissions.
- Assign this role to a newly created user, eg, “TestUser”
- Log-in using “TestUser” and create a new dashlet “My Top 10 Opportunities” and chart “Opportunity by Month”. Set the filter conditions to view opportunities for all users and stages, and ensure that the date range covers the opportunities you had created.
Result:
a. “My Top 10 Opportunities” would not display any opportunities, and this is correct as “TestUser” does not belong to any security groups
b. “Opportunities by Month” would display the opportunities you created, and also in other groups if these exist. This should not be the case as TestUser should only view opportunities in his own group.
Further testing
- Go to Roles and set the “List” and “View” permissions for opportunities to “None”
- Log out of “TestUser” and log in again to refresh the permissions.
- “My Top 10 Opportunities” does not display any records
- “Opportunities by Month” continues to show all the opportunities.
This does not look like expected behaviour. Should I report this as a bug?
Steven
Hi Steven,
I will have a go at this soon, and let you know if I can repeat it.
Cheers
Bruce