[Vtigercrm-developers] Programatically create roles from profiles - A Better Explanation of Our Needs!
Hamono, Chris (DPC)
Chris.Hamono at sa.gov.au
Fri May 1 07:34:50 GMT 2015
Thanks Alan
Try tell a client next time you are asked to create a bespoke CRM that they need 300 CRM's. Somehow I don't think you would last in that job too long!
Reporting is just one of the items the sysadmin needs to do. If a new agency needs to be created it's not acceptable to ask the sysadmin to run up a new instance. Users need to be moved from agency to agency. Etc. asking them to login and maintain credentials in 300 different installs is crazy so I'd have to build a single sign on ( I am looking at LDAP though ).
Although for simplicity I called them sysadmins they do not have administrator rights just a Role.
As far as the security goes we have discussed the implications and it has been ruled as acceptable. But we are to make all efforts to ensure it doesn't happen. Such as no system upgrades without full UAT (user acceptance testing).
While it may look like a multi tenanted install we are all one organisation we just have lots of agencies they are separate units. Hence the separation requirement.
We have been playing with the sharing rules this afternoon and they actually come close to what we need. Certainly a lot easier than trying to create a nasty nest of Profiles and Roles.
Not out of the woods yet but I can see the forests edge :)
Chris
-----Original Message-----
From: vtigercrm-developers-bounces at lists.vtigercrm.com [mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] On Behalf Of Alan Lord
Sent: Friday, 1 May 2015 4:03 PM
To: vtigercrm-developers at lists.vtigercrm.com
Subject: Re: [Vtigercrm-developers] Programatically create roles from profiles - A Better Explanation of Our Needs!
From what you describe it sounds like the only reason you don't want to run independent vtiger instances for each agency is for reporting...
You _might_ want think about using some of kind of BI platform to handle the top level reporting across multiple vtiger databases rather than trying to manage what could end up being a huge User Access Control hierarchy.
You and your customers will also need to have exceptionally strong belief in the administration team and vtiger's code to not let data "leak" between agencies either because of a bug or a minor misconfiguration.
Also, in your plan you will have one instance of vtiger and one MySQL database. If either part breaks *every* agency cannot work.
Personally - I would look at solving to top level reporting problem rather than trying to make vtiger with like a multi-tennant solution...
Or you could ask the vtiger team if they will sell you a copy of their On-Demand platform ;-)
HTH
Al
On 01/05/15 02:42, Hamono, Chris (DPC) wrote:
>
> In a nutshell:
>
> System admin needs to be able to report across all agencies Agency
> roles cannot access information from another agency
>
> Agency Managers can create users and assign roles to that user
>
> Roles within an agency have full access to tickets, which means create
> edit and delete.
>
> Roles within an agency must be able to raise invoices.
_______________________________________________
http://www.vtiger.com/
More information about the vtigercrm-developers
mailing list