Thread Details
  • State Verified Answer
  • Replies 7 replies
  • Subscribers 367 subscribers
  • Views 1759 views
  • Users 0 members are here
Forum Actions

How to control access on dashlets

Jeroen Somhorst

Hi, 

for a specific use case we would like to be able to control the access to dashlets. Currently , as far as I know, there is no way of configuring this. So any user can select the dashlet and we need to implement logic in de controller of that dashlet to find out if the current user is allowed to use it. 

I wonder if there is a different approach to accomplish this task. For instance for a certain dashlet prevent it from showing in the dashlet list. 

Is this possible?

  • 0
    Dear Jeroen,
     
    Unfortunately, I don't think there is any other way. You can only put limitations on the dashlet controller.
    Kind Regards!
    Rolustech Support
    Email: support@rolustech.com 
    Website: www.rolustech.com 
  • 0

    Is it the Dashlet that you don't want to make available or the data within the Dashlet?

  • 0 in reply to John Boyes

    We want to be able to control who can use the dashlet. Ideally we would like to have control on the list of dashlets per user/team/role. As said in the starting post currently we implement validation logic in the controller so if a user adds a dashlet and they are not entitled to use it they get an error.

  • 0

    Hi Jeroen,

    You can limit a dashlet by module in the config file of the dashlet, so, you can create a rol and permissions about the module for limit the user access. Because today I dont think there is a way for have the access control you want. 

    Or you can do it too, as an encrypted (a little of "name in disguise") dashlet name and an empty description so you hide the dashlet for the users.

    I hope it is helpful.

    Kind Regards.

  • +1

    ,

    Normally when you build a custom dashlet, you also have a custom api that goes with it, to retrieve from the backend the data you need to show.

    As you correctly hinted at, on the backend api side you would do all your check and balances (can the user see what will be shown? can the user act on what is presented the them?) and return the correct data to the UI part.

    Then on the UI part you can show relevant message (ie: an empty dashlet with a self-explanatory message, or the standard message used throughout the system "No data available.").

    Basically, any user would be able to add the dashlet, but it will not show anything (or potentially show partial information) for the users that are not supposed to have access.

    That's how I would implement it.

    Hope it helps

    --

    Enrico Simonetti

    Sugar veteran (from 2007)

    www.naonis.tech


    Feel free to reach out for consulting regarding:

    • API Integration and Automation Services
    • Sugar Architecture
    • Sugar Performance Optimisation
    • Sugar Consulting, Best Practices and Technical Training
    • AWS and Sugar Technical Help
    • CTO-as-a-service
    • Solutions-as-a-service
    • and more!

    All active SugarCRM certifications

    Actively working remotely with customers based in APAC and in the United States

  • 0 Sugar Employee Badge

    Hi Jeroen,

    I think you can see from the answers above that this is currently only solvable via code.

    I might suggest that if dashlets could be managed as records and associated with Teams, then the Sugar Teams security could take care of the rest. This might be a good idea to suggest to the Products team: https://sugarclub.sugarcrm.com/explore/sell/i/product-suggestions

    Regards,

    Adam

  • 0

    Many thanks everyone for the great suggestions. I just added a new idea to the product suggestions.