Announcement

Collapse
No announcement yet.

Hiding most of Account in detail layout based on Team condition

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Hiding most of Account in detail layout based on Team condition

    Hi to all,

    I'd like to achieve the following with Espo:
    - let users see contacts, account and leads when browsing list
    - hide most of details when in detail of a particular record; hiding should be based on team membership criteria. For example: if the record is assigned to a team I belong to I should be able to see everything. Otherwise only name, address and assigned team.

    I tried to poke with field conditions but I cannot use complex expressions there.

    Is there a way to achieve this? Any clue?

    thankx a lot,
    Michele
    Tags: None
  • #2
    Hello,
    you have Field Level security in Roles

    Comment

    • #3
      Originally posted by tanya View Post
      Hello,
      you have Field Level security in Roles
      Uhm.. thanks Tanya... I didn't think of it...
      If I understand it well you are suggesting I could create a base role with sees everything but hiding most fields and a second role, assigned to team, that lets user see all details and modify them? This could match my requirements... I'm going to try this.

      What about the new 5.3.0 feature of hiding layouts panels base on conditions? Can you tell me st more?

      Thanks,
      Michele

      Comment

      • #4
        You understand it well
        Security Roles in EspoCRM
        https://www.espocrm.com/video/security-roles/
        What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


        example - Administration > Layout Manager > Account > Detail > next to the panel name Details you can find the pencil icon. And you can set the Condition making panel visible.

        Comment

        • #5
          [QUOTE=tanya;n40062]You understand it well
          Security Roles in EspoCRM
          https://www.espocrm.com/video/security-roles/
          What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


          Only a minor quirk:

          role A: lead read = all, others=no field lead->email disabled (r w)
          role B: lead read = team, other=team

          The read = team in role B is not enough to see all fields of record but I need to explicitly add in role B at field level: field lead->email = yes (w) yes (w)

          Is this the intended behaviour?

          Thanks a lot,
          Michele

          Comment

          • #6
            [QUOTE=michib;n40064]
            Originally posted by tanya View Post
            You understand it well
            Security Roles in EspoCRM
            https://www.espocrm.com/video/security-roles/
            What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


            The read = team in role B is not enough to see all fields of record but I need to explicitly add in role B at field level: field lead->email = yes (w) yes (w)

            Is this the intended behaviour?
            Unfortunately when I enable in role B field visibility r w for field email then it pops up even in record non belonging to team. It seems to me that field level security doesn't work together with no/all/team mask in records permissions...

            Or am I missing something ?

            Thanks,
            Michele

            Comment

            • #7
              Yes, Field level security has only access yes and no. But roles are merge.
              If a user has multiple roles then they will be merged so that permissive rule will have a higher priority. (if you don't set ACL Strict Mode)

              Comment

              • #8
                if team B with role B can read only leads from the team, it can see only record, related to the team. And can edit email field for all records, which it can see

                Comment

                • #9
                  Originally posted by tanya View Post
                  if team B with role B can read only leads from the team, it can see only record, related to the team. And can edit email field for all records, which it can see
                  Thanks Tanya, yes, this works ok.

                  But for records which are not associated to team B? I expected not to see field email at all because role B does "not apply" to them but it happens that I see it! So security field level works like this: if you have this role B then you see field email for every record you can see and NOT for every record the role B works on. I expected this...

                  I'll try with ACL strict to see what happens.

                  Michele

                  Comment

                  • #10
                    Originally posted by michib View Post

                    I'll try with ACL strict to see what happens.
                    Hi Tanya, poking with ACL strict mode doesn't change this behaviour.
                    So going back to my original issue: it seems that with Field Level Security is not possibile to hide details based on team membership...

                    thanks,
                    Michele

                    Comment

                    Previous template Next
                    Working...
                    X