Tweet
My users want admins to not have access to read those sensitive fields, although admin still need to have access to the administration menu for the purpose of updating features and system management.
-
-
-
any idea which file i can edit for custom it?Comment
-
It dependents on what you want to achieve - it is not just one file you will need to dive into espocrm codebase and figure out how it work then you can customise it. an alternative is to use metadata to define scope access level / field access level to the admin.
Comment
-
You can also utlize output filters. Create a filter for a particular entity type and clear particular fields for certain users (you can match the user by the ID or indtroduce a custom field for the User entity type, e.g. a boolean 'isRestrictedAdmin').
Note that it will be only a lite protection, a half measure. A skilfull admin user will be able to utilize features like formula, installable extantions, to obtain data if they really want it.If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.Comment
-
Additional protection measures.
1. Config parameter 'adminUpgradeDisabled' – disables the ability to upgrade or upload extensions via the UI;
2. Config parameter 'restrictedMode' – for 'admin' users disables the ability to upgrate, install extensions, as well as to change certain settings parameters (which parameters are disabled is defined by metadata, hence you can restrict specific paramters).
Only 'super-admin' user will have full access. The super admin user cannot be created via the UI, you need to change the user type in the database.
-
Comment