Hiding most of Account in detail layout based on Team condition

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • michib
    Member
    • Sep 2016
    • 65

    Hiding most of Account in detail layout based on Team condition

    Hi to all,

    I'd like to achieve the following with Espo:
    - let users see contacts, account and leads when browsing list
    - hide most of details when in detail of a particular record; hiding should be based on team membership criteria. For example: if the record is assigned to a team I belong to I should be able to see everything. Otherwise only name, address and assigned team.

    I tried to poke with field conditions but I cannot use complex expressions there.

    Is there a way to achieve this? Any clue?

    thankx a lot,
    Michele
  • tanya
    Senior Member
    • Jun 2014
    • 4308

    #2
    Hello,
    you have Field Level security in Roles

    Comment

    • michib
      Member
      • Sep 2016
      • 65

      #3
      Originally posted by tanya
      Hello,
      you have Field Level security in Roles
      Uhm.. thanks Tanya... I didn't think of it...
      If I understand it well you are suggesting I could create a base role with sees everything but hiding most fields and a second role, assigned to team, that lets user see all details and modify them? This could match my requirements... I'm going to try this.

      What about the new 5.3.0 feature of hiding layouts panels base on conditions? Can you tell me st more?

      Thanks,
      Michele

      Comment

      • tanya
        Senior Member
        • Jun 2014
        • 4308

        #4
        You understand it well
        What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


        example - Administration > Layout Manager > Account > Detail > next to the panel name Details you can find the pencil icon. And you can set the Condition making panel visible.

        Comment

        • michib
          Member
          • Sep 2016
          • 65

          #5
          [QUOTE=tanya;n40062]You understand it well
          What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


          Only a minor quirk:

          role A: lead read = all, others=no field lead->email disabled (r w)
          role B: lead read = team, other=team

          The read = team in role B is not enough to see all fields of record but I need to explicitly add in role B at field level: field lead->email = yes (w) yes (w)

          Is this the intended behaviour?

          Thanks a lot,
          Michele

          Comment

          • michib
            Member
            • Sep 2016
            • 65

            #6
            [QUOTE=michib;n40064]
            Originally posted by tanya
            You understand it well
            What are Security Roles? How can one define what a user can and cannot do within a CRM system? In this video tutorial: Learn how to implement user security roles into EspoCRM system, find out how to restrict access to a specific information and define assignment, user and portal permissions to speci...


            The read = team in role B is not enough to see all fields of record but I need to explicitly add in role B at field level: field lead->email = yes (w) yes (w)

            Is this the intended behaviour?
            Unfortunately when I enable in role B field visibility r w for field email then it pops up even in record non belonging to team. It seems to me that field level security doesn't work together with no/all/team mask in records permissions...

            Or am I missing something ?

            Thanks,
            Michele

            Comment

            • tanya
              Senior Member
              • Jun 2014
              • 4308

              #7
              Yes, Field level security has only access yes and no. But roles are merge.
              If a user has multiple roles then they will be merged so that permissive rule will have a higher priority. (if you don't set ACL Strict Mode)

              Comment

              • tanya
                Senior Member
                • Jun 2014
                • 4308

                #8
                if team B with role B can read only leads from the team, it can see only record, related to the team. And can edit email field for all records, which it can see

                Comment

                • michib
                  Member
                  • Sep 2016
                  • 65

                  #9
                  Originally posted by tanya
                  if team B with role B can read only leads from the team, it can see only record, related to the team. And can edit email field for all records, which it can see
                  Thanks Tanya, yes, this works ok.

                  But for records which are not associated to team B? I expected not to see field email at all because role B does "not apply" to them but it happens that I see it! So security field level works like this: if you have this role B then you see field email for every record you can see and NOT for every record the role B works on. I expected this...

                  I'll try with ACL strict to see what happens.

                  Michele

                  Comment

                  • michib
                    Member
                    • Sep 2016
                    • 65

                    #10
                    Originally posted by michib

                    I'll try with ACL strict to see what happens.
                    Hi Tanya, poking with ACL strict mode doesn't change this behaviour.
                    So going back to my original issue: it seems that with Field Level Security is not possibile to hide details based on team membership...

                    thanks,
                    Michele

                    Comment

                    Working...