[Vtigercrm-developers] A user can assign an entity to all other users and groups

Jonathan Sardo sardoj at gmail.com
Fri Jan 3 13:56:48 GMT 2014


Sreenivas,

Thank you for your answer. But I think there is a digression from Vtiger 5
to Vtiger 6.

*Here is a use case:*
Vtiger CRM is used for a company called "MyBigCompany International" which
is composed of several branches:
- Branch 1: MyBigCompany London
- Branch 2: MyBigCompany Paris
- Branch 3: MyBigCompany New York
These branches *never communicate together* and we do not want, for
example, a user from MyBigCompany London to assign a record to users from
MyBigCompany Paris.

To filter data, it is necessary to set modules to *private mode*.
Given that *private mode uses Groups to filter records*, you have to create
several groups (1 group per branch):
- Group 1: MyBigCompany London
- Group 2: MyBigCompany Paris
- Group 3: MyBigCompany New York

If I follow your method, I create also 3 roles:
- Role 1: Role for MyBigCompany London
- Role 2: Role for MyBigCompany Paris
- Role 3: Role for MyBigCompany New York
[image: Embedded images 5]


However, as *the assignment system uses Roles rather than Groups*, it is
possible to assign a record to *every group*.

[image: Embedded images 4]
*(Demo user is in the group "MyBigCompany London" and has the role "Role
for MyBigCompany London")*


I think it is a *security vulnerability in Vtiger 6.* But this problem does
not exist in Vtiger 5, given the assignment system uses Groups.


Regards,

Jonathan SARDO
[image: Embedded images 5]


2014/1/3 Sreenivas Kanumuru <svk at vtiger.com>

> Jonathan,
>
> *I would like to create two groups: Company1 and Company2. Data will be
>> well filtered for each company, but members of Company1 will be able to
>> assign records to members of Company2. Is it possible to add this choice
>> into the Role Edit View: User can assign records to users with same group?*
>
>
> A user can belong to multiple groups. So, the "*User can assign records to
> users with same group*" choice might not be appropriate.
>
> In your case, it is better to create two different roles at the same
> level. Role 1 for Company1 and Role 2 for Company2. Users with Role1 will
> only be able to assign records to users in their company using the "Users
> having same role or subordinate roles" setting.
>
> Regards,
> Sreenivas
>
>
>
>
> On Wed, Jan 1, 2014 at 5:10 PM, Jonathan Sardo <sardoj at gmail.com> wrote:
>
>> Prasad,
>>
>> Thanks for the explanation. It sounds good!
>> But what if, for several reasons, I want to manage two companies with the
>> same CRM?
>>
>> I would like to create two groups: Company1 and Company2.
>> Data will be well filtered for each company, but members of Company1
>> will be able to assign records to members of Company2.
>>
>> Is it possible to add this choice into the Role Edit View: User can
>> assign records to users with same group?
>>
>>
>> Regards,
>>
>> Jonathan SARDO
>> [image: Embedded images 5]
>> Tel. 06 99 45 50 47
>>
>>
>> 2014/1/1 Prasad <prasad at vtiger.com>
>>
>>>  The configuration for the respective role determines the assignment
>>> control now.
>>> Review https://wiki.vtiger.com/vtiger6/index.php/August_2_Highlights
>>>
>>> Regards,
>>> Prasad
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jan 1, 2014 at 4:03 PM, Jonathan Sardo <sardoj at gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> There still is a problem with security permissions.
>>>>
>>>> When a module is "Private", data are well filtered and only members of
>>>> a same Group can see it.
>>>> However, a user can assign an entity to everybody regardless of Roles
>>>> or Groups.
>>>>
>>>> Please, reopen this ticket:
>>>> http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7806
>>>>
>>>> Screenshot:
>>>> [image: Embedded images 1]
>>>>
>>>> Regards,
>>>>
>>>> Jonathan SARDO
>>>> [image: Embedded images 5]
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>
>
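
The mismatch described in this message (record visibility filtered by Groups, assignment targets filtered by Roles), as an added example that is not part of the original e-mail and is not vtiger code. It is a simplified Python model; the data, the function names and the stricter group-aware rule are assumptions made for illustration.

```python
# Simplified model of the thread's scenario (constructed data, not vtiger code).
ROLE_PARENT = {  # role -> parent role; three sibling roles under one root
    "Role London": "Root",
    "Role Paris": "Root",
    "Role New York": "Root",
    "Root": None,
}
USERS = {  # user -> (role, groups the user belongs to)
    "demo": ("Role London", {"MyBigCompany London"}),
    "alice": ("Role London", {"MyBigCompany London"}),
    "pierre": ("Role Paris", {"MyBigCompany Paris"}),
}
GROUPS = {"MyBigCompany London", "MyBigCompany Paris", "MyBigCompany New York"}


def same_or_subordinate(role, actor_role):
    """True if `role` equals `actor_role` or sits below it in the hierarchy."""
    while role is not None:
        if role == actor_role:
            return True
        role = ROLE_PARENT.get(role)
    return False


def role_only_targets(actor):
    """Behaviour as reported in the thread: users filtered by role, groups unfiltered."""
    actor_role, _ = USERS[actor]
    users = {u for u, (r, _) in USERS.items() if same_or_subordinate(r, actor_role)}
    return users | GROUPS


def group_aware_targets(actor):
    """Hypothetical stricter rule: role filter for users, membership filter for groups."""
    actor_role, actor_groups = USERS[actor]
    users = {u for u, (r, g) in USERS.items()
             if same_or_subordinate(r, actor_role) and g & actor_groups}
    return users | (GROUPS & actor_groups)


def check_assignment(actor, target, policy=group_aware_targets):
    """Server-side check on save: reject an owner outside the allowed set."""
    if target not in policy(actor):
        raise PermissionError(f"{actor} may not assign records to {target}")
    return target
```

The check belongs on the save path as well as in the owner picker, because a picker that hides a group does not stop a request that names it directly.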