Security roles

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Ari
    Junior Member
    • Aug 2020
    • 22

    Security roles

    Hi,
    I have a question. We have several teams in ESPO database. Each member of a team can read and edit contacts of the own team. All contact fields are visible for team members.
    The role "member" in the team is set:
    Contacts: READ = team,

    We would like to configure the system in a way that team members from team a can also read contacts from team b but with the limitation that certain information is hidden. E.g. when member of team a access a contact of team b he cannot see the fields mail, telephone, birthday , other information is visable.

    How can we achieve such configuration?
    Any ideas?

    Thanks
    Ari

  • Maximus
    Senior Member
    • Nov 2018
    • 2731

    #2
    Hi,
    For your scenario you need:
    1. Create a Team 'C' (for the staff with the restricted access)
    2. Create a Role for the Team 'C' (you can specify a 'field level' permission in the role). Assign the Team 'C' to the new role.
    3. Add users of the Team 'A' into the Team 'C'.
    4. Assign Team 'C' to all the records of the Team 'B'.

    Comment

    • Ari
      Junior Member
      • Aug 2020
      • 22

      #3
      Thanks for your suggestion. I have tried to implement the idea above but unfortunately it doesn't work.
      It does not matter which user (Team A or Team B or Team C) I use, it doesn't show the hidden fields any more.

      Any farther ideas?

      Comment

      • Maximus
        Senior Member
        • Nov 2018
        • 2731

        #4
        Hi Ari,
        Please tell do roles linked to Teams, or every user is personally linked to a role in his profile?

        Comment

        • Ari
          Junior Member
          • Aug 2020
          • 22

          #5

          Hello Maximus, roles are linked to teams.

          Comment

          • Ari
            Junior Member
            • Aug 2020
            • 22

            #6
            Hello all, no ideas yet to my problem?

            Comment


            • esforim
              esforim commented
              Editing a comment
              Hi there, you can probably post some screenshot of the setup, perhaps someone may be provide to provide insight.

              Unfortunately I can't help as I don't really use this function.
          • Ari
            Junior Member
            • Aug 2020
            • 22

            #7
            ok, some screenshot...I hope it helps
            Attached Files

            Comment

            • Maximus
              Senior Member
              • Nov 2018
              • 2731

              #8
              Hello Ari,
              Sorry for the delayed reply.

              I was wrong. If a user has multiple roles, then they will be merged so that the permissive rule will have a higher priority. So in your case, the easiest way is to create a dynamic handler to hide these fields https://docs.espocrm.com/development/dynamic-handler/.

              Comment

              • Ari
                Junior Member
                • Aug 2020
                • 22

                #9
                Hello @Maximus,
                another tentative approach: we would like to configure the system in a way that each team can read all contacts from other teams with one exception. Contacts owned by "Team GL" are only visible for itself and for "Team UK" in read only mode. Other teams shall not have access to contacts owned by "Team GL".
                Is there a way to configure the system without customer-specific programming?
                Thanks for response Ari
                Attached Files

                Comment

                • Ari
                  Junior Member
                  • Aug 2020
                  • 22

                  #10
                  Anyone out there - for my problem?

                  Comment

                  Working...