Announcement

Collapse
No announcement yet.

Security roles

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security roles

    Hi,
    I have a question. We have several teams in ESPO database. Each member of a team can read and edit contacts of the own team. All contact fields are visible for team members.
    The role "member" in the team is set:
    Contacts: READ = team,

    We would like to configure the system in a way that team members from team a can also read contacts from team b but with the limitation that certain information is hidden. E.g. when member of team a access a contact of team b he cannot see the fields mail, telephone, birthday , other information is visable.

    How can we achieve such configuration?
    Any ideas?

    Thanks
    Ari


  • #2
    Hi,
    For your scenario you need:
    1. Create a Team 'C' (for the staff with the restricted access)
    2. Create a Role for the Team 'C' (you can specify a 'field level' permission in the role). Assign the Team 'C' to the new role.
    3. Add users of the Team 'A' into the Team 'C'.
    4. Assign Team 'C' to all the records of the Team 'B'.

    Comment


    • #3
      Thanks for your suggestion. I have tried to implement the idea above but unfortunately it doesn't work.
      It does not matter which user (Team A or Team B or Team C) I use, it doesn't show the hidden fields any more.

      Any farther ideas?

      Comment


      • #4
        Hi Ari,
        Please tell do roles linked to Teams, or every user is personally linked to a role in his profile?

        Comment


        • #5

          Hello Maximus, roles are linked to teams.

          Comment


          • #6
            Hello all, no ideas yet to my problem?

            Comment


            • esforim
              esforim commented
              Editing a comment
              Hi there, you can probably post some screenshot of the setup, perhaps someone may be provide to provide insight.

              Unfortunately I can't help as I don't really use this function.

          • #7
            ok, some screenshot...I hope it helps
            Attached Files

            Comment


            • #8
              Hello Ari,
              Sorry for the delayed reply.

              I was wrong. If a user has multiple roles, then they will be merged so that the permissive rule will have a higher priority. So in your case, the easiest way is to create a dynamic handler to hide these fields https://docs.espocrm.com/development/dynamic-handler/.

              Comment


              • #9
                Hello @Maximus,
                another tentative approach: we would like to configure the system in a way that each team can read all contacts from other teams with one exception. Contacts owned by "Team GL" are only visible for itself and for "Team UK" in read only mode. Other teams shall not have access to contacts owned by "Team GL".
                Is there a way to configure the system without customer-specific programming?
                Thanks for response Ari
                Attached Files

                Comment


                • #10
                  Anyone out there - for my problem?

                  Comment

                  Working...
                  X