Announcement

Collapse
No announcement yet.

Email security

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Email security

    We are currently trialing ESPOCRM and it has great features for us but I am having some issues with respect to the email part of it. I have connected to MS exchange as we currently use Outlook for email and the emails are transferring ok BUT if I click 'All' in the email page (see attached) I get to see all emails from all users. Is there a way of removing the 'All' option as there are senior people planning to use the system and they don't want sensitive emails to be seen by other staff. Ideally these have to be restricted to be viewed only the relevant user unless the system can find a link to a contact\account\etc, at which point it then needs to be viewed by all.
    Attached Files
    Tags: None
  • #2
    Hello,
    for this purposes in Espo created a role. Using a role you can restrict the access of the users to alien emails. Here you can find more about roles:
    1. https://www.espocrm.com/documentatio...es-management/
    2. https://www.espocrm.com/tips/security-roles/
    3. https://www.espocrm.com/video/security-roles/

    Comment

    • rmorgan
      #2.1
      rmorgan commented
      02-21-2019, 05:24 PM
      Editing a comment
      I still dont think that it can do as required unless I am missing something. I only want users to be able to view their own emails in the email section and nobody else's UNLESS they are linked to something relevant in the database e.g. a customer or account. The 'All' option should not be there for my use case otherwise there is no privacy.

      If an email comes to me and is then linked to a customer \ account etc then the should be available for others to see. Additionally sent emails linked to those people in the database should be available for others to see not all of my sent emails which is how it seems to work currently.

      Currently if I limit the Roles Scope permission to 'Own' then nobody can see the communication chain with a customer except me. If I open it up to team or all then other users can not only see the communications with customer but can see all of my emails via the email page.

      Unfortunately I cannot understand much about the Field level as I cannot find much documentation - I have tried various things but to no avail.

      I can hide the email link by removing from the User Interface but if somebody knows the shortcut then it will appear and I am back in the same position!

      Am I missing something obvious?

      Basically is there a simple way of disabling the 'All' option in the email page?
  • #3
    Thank. Just recently faced the same problem.

    Comment

    • #4
      I fixed the issue myself (I think!)....here is what I did. Locate the file Email.php. On my machine it is located c:\bitnami\espocrm-5.5.1-0\apps\espocrm\htdocs\application\Espo\Selectmanag ers\

      Change the code on line 49 (or there about) - I added one line of code so that the 'All' option becomes obsolete. You will still see the All text onscreen but it will do the same as pressing the Inbox link.

      Now other users cannot see your inbox.

      public function applyFolder($folderId, &$result)
      {
      switch ($folderId) {
      case 'all':
      $this->filterInbox($result); /* RM added 25/02/19 - previously empty*/
      break;
      case 'inbox':
      $this->filterInbox($result);
      break;
      case 'important':
      $this->filterImportant($result);
      break;
      case 'sent':
      $this->filterSent($result);
      break;
      case 'trash':
      $this->filterTrash($result);
      break;
      case 'drafts':
      $this->filterDrafts($result);
      break;
      default:
      $this->applyEmailFolder($folderId, $result);
      }
      }

      Comment

      Previous template Next
      Working...
      X