Announcement

**abidoss** · 01-02-2024, 01:43 PM

Permissions¶

The files and directories should have the following permissions:

data, custom, client/custom – should be writable all files, directories and subdirectories (664 for files, 775 for directories, including all subdirectories and files);
application/Espo/Modules, client/modules – should be writable the current directory (775 for the current directory, 644 for files, 755 for directories and subdirectories);
bin/command – should be executable (754);
all other files and directories should be readable (644 for files, 755 for directories).

To set the permissions, execute these commands in the terminal:
cd <PATH-TO-ESPOCRM-DIRECTORY>
find . -type d -exec chmod 755 {} + && find . -type f -exec chmod 644 {} +;
find data custom client/custom -type d -exec chmod 775 {} + && find data custom client/custom -type f -exec chmod 664 {} +;
chmod 775 application/Espo/Modules client/modules;
chmod 754 bin/command;

**scalisto** · 01-02-2024, 02:39 PM

I've done that too, but if I do it with the user I installed EspoCRM with, I get the message "Operation not permitted" in all the files and directories, even when I put sudo first. For example, this one:

chmod: changing permissions of 'client/modules': Operation not permitted

**abidoss** · 01-02-2024, 03:22 PM

Try with root

**rabii** · 01-02-2024, 03:51 PM

Originally posted by scalisto View Post

After migrating EspoCRM from CentOS to Ubuntu 22.4 and upgrading to version 7.4.6, I've noticed that some users are having problems with permissions.

All users who are not EspoCRM members of a specific role are unable to create new fields in the CRM (even if they are allowed in the role part) and receive the error "Error 403: Access denied Can't relate with forbidden Team record. read access required.", but they can only change them.
I did a test and, when I changed a user with the "DSSI MZ" role to "DSSI PT", this user was able to create the field.

Almost all the roles have the same permissions, but only one is working.
I thought about recreating the affected roles, but the existing records for the users will be deleted (right)?

Check if those users inherits permissions from roles assigned to their teams.

if the data is assigned properly to the users, it should not affect how data is assigned if you created a new roles. I suggest you create new roles assign them and then remove old roles.

**yuri** · 01-02-2024, 04:33 PM

In Roles, give 'read' access for the entity Team.

Announcement

Error 403: Access denied Can't relate with forbidden Team record read access required

Error 403: Access denied Can't relate with forbidden Team record read access required

Comment

Comment

Comment

Comment

Comment