Overview
In order to restrict access for some users you need to use Roles. Administrator can manage roles in Administration panel. Each role defines an access to certain areas (scopes) which is applied to users who own that role.
One user can have multiple roles. Those roles can be selected for a specific user (‘Roles’ field in User entry) and/or be inherited from the teams that user belongs to.
If a user has multiple roles then they will be merged so that permissive rule will have a higher priority. That allows administrator to manage access level control easily and flexibly.
Example
For example, user belongs to team ‘Sales’. That team has single role ‘Salesman’. So all users from this team will obtain ‘Salesman’ role.
‘Salesman’ role is defined the following way:
Lead:
read – team
edit – own
delete – no
Opportunity:
read – team
edit – own
delete – no
- Users will be able to read only those leads and opportunities which belong to ‘Sales Department’ team (‘Teams’ field).
- User will be able to edit only those leads and opportunities which they are assigned to or those they have created.
- Users won’t be able to remove any leads or opportunities.
We want to give more rights to a certain user who holds sales manager position in the company. This employee must have an ability to read/edit/delete all records from ‘Sales’ team. The user should belong to our ‘Sales’ team. But we need to create the new role ‘Sales Manager’ and select this role for that user in ‘Roles’ field.
‘Sales Manager’ role is defined the following way:
Lead:
read – team
edit – team
delete – team
Opportunity:
read – team
edit – team
delete – team
Our user will be able to manager all leads and opportunities from the ‘Sales’ team.
hello, we installed the crm but mistakenly remove the Administrator user
how we can resolve this because we can not set up new users
Hello Team,
I have created some roles and access level, but the access control not work. All roles has the some access level is enable.
Could you help me to fix it.
Regards,
Purdianta
Hi! I am running Espo Crm Version 3.4.2.
I created a Group. Then a Role. Assigned Role -> Group. Then I create a user and assign Group -> User.
Now if I change Role permission, these permissions do not change for the user… is this normal?
I tried clearing the cache.
Thanks for all the suggestions in advance!
I am having CRM Version 3.6.2. I created two users (Admin, Philip). Admin belongs to Management Role in which I didn’t restrict any access.
Philip (User) belongs to Sales Role, I have modified the sales role as below
Accounts enabled no no no
Leads enabled own own own
If I login as a Philip user, I am able to see all the accounts created by Admin. I am able to modify those accounts, Even Philip user is able to delete it.
All the leads which is created by Admin is viewable and editable for Philip user, It seems Permissions which is defined for Role is not working.
Any Suggestions ?
Did you clear cache?
To check whether roles is applied to the certain user you can open that user and click Access button.