Security roles

Collapse
X
 
  • Time
  • Show
Clear All
new posts

  • Ari
    replied
    Anyone out there - for my problem?

    Leave a comment:


  • Ari
    replied
    Hello @Maximus,
    another tentative approach: we would like to configure the system in a way that each team can read all contacts from other teams with one exception. Contacts owned by "Team GL" are only visible for itself and for "Team UK" in read only mode. Other teams shall not have access to contacts owned by "Team GL".
    Is there a way to configure the system without customer-specific programming?
    Thanks for response Ari
    Attached Files

    Leave a comment:


  • Maximus
    replied
    Hello Ari,
    Sorry for the delayed reply.

    I was wrong. If a user has multiple roles, then they will be merged so that the permissive rule will have a higher priority. So in your case, the easiest way is to create a dynamic handler to hide these fields https://docs.espocrm.com/development/dynamic-handler/.

    Leave a comment:


  • Ari
    replied
    ok, some screenshot...I hope it helps
    Attached Files

    Leave a comment:


  • esforim
    commented on 's reply
    Hi there, you can probably post some screenshot of the setup, perhaps someone may be provide to provide insight.

    Unfortunately I can't help as I don't really use this function.

  • Ari
    replied
    Hello all, no ideas yet to my problem?

    Leave a comment:


  • Ari
    replied

    Hello Maximus, roles are linked to teams.

    Leave a comment:


  • Maximus
    replied
    Hi Ari,
    Please tell do roles linked to Teams, or every user is personally linked to a role in his profile?

    Leave a comment:


  • Ari
    replied
    Thanks for your suggestion. I have tried to implement the idea above but unfortunately it doesn't work.
    It does not matter which user (Team A or Team B or Team C) I use, it doesn't show the hidden fields any more.

    Any farther ideas?

    Leave a comment:


  • Maximus
    replied
    Hi,
    For your scenario you need:
    1. Create a Team 'C' (for the staff with the restricted access)
    2. Create a Role for the Team 'C' (you can specify a 'field level' permission in the role). Assign the Team 'C' to the new role.
    3. Add users of the Team 'A' into the Team 'C'.
    4. Assign Team 'C' to all the records of the Team 'B'.

    Leave a comment:


  • Ari
    started a topic Security roles

    Security roles

    Hi,
    I have a question. We have several teams in ESPO database. Each member of a team can read and edit contacts of the own team. All contact fields are visible for team members.
    The role "member" in the team is set:
    Contacts: READ = team,

    We would like to configure the system in a way that team members from team a can also read contacts from team b but with the limitation that certain information is hidden. E.g. when member of team a access a contact of team b he cannot see the fields mail, telephone, birthday , other information is visable.

    How can we achieve such configuration?
    Any ideas?

    Thanks
    Ari

Working...