Portal users cannot access emails

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jacao
    Member
    • Mar 2024
    • 50
    #1

    Portal users cannot access emails

    Hello,

    I'm facing an issue where a portal user cannot access email messages. The permissions are set to the Account level. The messages are visible in the History panel, but clicking on them results in a 403 error. However, if the portal user (via the linked Contact) is the sender of the email, the message content can be displayed without issues.

    When I raise the portal user’s permission level to All, they are able to view all messages. When I lower it to Contact, only their own messages (sent by or addressed to them) are visible in the History panel and accessible as expected.

    With Account-level permissions I would expect the portal user to have access to all emails related to the Account they are linked to. The list in the History panel reflects this correctly. However, the Emails module — which displays the email contents — and the Stream (where these emails are embedded) do not follow the same logic.

    The portal user is linked to the same Account as the one associated with the email. I’ve tested this with multiple users and verified permissions and email associations. In my setup, most emails are primarily linked to a Case, but changing the parent entity does not affect this behavior.

    Roles:

    Click image for larger version Name: image.png Views: 19 Size: 32.3 KB ID: 120162

    Portal user view (on Case):

    Click image for larger version Name: image.png Views: 12 Size: 81.0 KB ID: 120163


    Email view by admin:
    ​​
    Click image for larger version Name: image.png Views: 12 Size: 37.7 KB ID: 120164
    ​​
    Portal user configuration:

    Click image for larger version Name: image.png Views: 13 Size: 33.4 KB ID: 120165

    EspoCRM version: 9.1.8.

    Any ideas? Thanks in advance...

    Regards, Jacek
    Tags: None
    • victor
      Active Community Member
      • Aug 2022
      • 976
      #2
      Try to put the current account "Urząd Gminy Gruszkowo" as Parent in these emails, and not the entry of Case "Ikona przesunęła się", as in your screenshot.

        Comment

        • jacao
          Member
          • Mar 2024
          • 50
          #3
          Changing parent to Account on email record changes... nothing. I've mention it

            Comment

            • victor
              Active Community Member
              • Aug 2022
              • 976
              #4
              Does the Portal User have the same email address in the Email field as the Account or Contact in their Contact or Account profile?

                Comment

                • jacao
                  Member
                  • Mar 2024
                  • 50
                  #5
                  Yes, it does. Portal users is created on Contact and has the same email and Account assignement. As I wrote all others Access roles works properly except Account level. Portal user see list of emails (all emails connected with account) but cannot see body of it (only own).

                    Comment

                    • jacao
                      Member
                      • Mar 2024
                      • 50
                      #6
                      We tested our case on Espo versions 9.1.7 and 8.4.2, and the behavior is exactly the same. The logs indicate a lack of access:

                      Code:
                      [2025-08-07 08:27:45] DEBUG: API (403) No 'read' access.; GET /678e414d0e24731ff/Email/68835e8b8e20514d4; Route pattern: /{portalId}/{controller}/{id}; Route params: Array (     [controller] => Email     [action] => read     [id] => 68835e8b8e20514d4     [portalId] => 678e414d0e24731ff )
[2025-08-07 08:27:45] NOTICE: (403) No 'read' access. :: GET /678e414d0e24731ff/Email/68835e8b8e20514d4 :: /var/www/html/application/Espo/Core/Record/Service.php(276)
[2025-08-07 08:27:49] DEBUG: BPM: processPendingFlows (all)
[2025-08-07 08:27:49] DEBUG: BPM: processTriggeredSignals
[2025-08-07 08:27:53] DEBUG: API (403) No 'read' access.; GET /678e414d0e24731ff/Email/689367621ca17b39a; Route pattern: /{portalId}/{controller}/{id}; Route params: Array (     [controller] => Email     [action] => read     [id] => 689367621ca17b39a     [portalId] => 678e414d0e24731ff )
[2025-08-07 08:27:53] NOTICE: (403) No 'read' access. :: GET /678e414d0e24731ff/Email/689367621ca17b39a :: /var/www/html/application/Espo/Core/Record/Service.php(276)
                      Please note that the issue affects only the Email entity and only when the permission level is set to Account. Moreover, changing the permission level from Contact to Account correctly exposes the list of emails related to the organization (as expected), but access to the email content itself is still denied.

                      In my opinion, this is a system bug. yuri , I kindly ask you to take a look and share your thoughts on this issue.

                        Comment

                        Previous template Next
                        Working...