Custom Visibility Code

Hi Everyone,

Does anyone know if it's possible to have custom visibility code that will show a module results in the sub panels under a record but not allow the user to open that result or view the result in a report unless that have access to the team associated with the result? Hopefully the example below makes sense.

Example:

Organization #1:
Opportunity 1 - Blue Team
Opportunity 2 - Red Team

In the example above, I would want to open up organization #1 and see both opportunities below it. However if I am only on Red team then I should not be able to open up Opportunity 1 as it is assigned to Blue team or see it in a report.

Thanks in advance!

  • Hi Dan,

    I can't think of an out of the box solution for this, but you might be able to override the teams limitations on a per-view basis limiting non team members to read-only on list and subpanel views only.

    In your shoes, I would start with reviewing the acl code, and trying to reverse-engineer it:

    data/acl/SugarACLParentModule.php

    then seeing how 's post here:

    https://enricosimonetti.com/powerful-customisations-with-sugars-acl/

    can be adapted to your particular situation.

    There may be something in the context variable that will tell you what kind of view you are, in which case it should not be hard to customize it based on Enrico's code.

    I'll be interested to see if others come up with different ideas...

    Good luck!

    FrancescaS

  • hi Dan,

    Could you clarify the business purpose by describing the use case from the business perspective? That might help with the  implementation options

    Do you need, e.g. Blue team members to be aware of the Opp managed by the Red team so that not compete with the Red team for the same Customer?

    What info specifically should help Blue team to decide not to create the Opp? E. G. product name/product category, some specific Opp contact involved, else?

    Best Regards,
    Dmytro Chupylka

    integroscrm.com
    We make work in Sugar CRM system faster, more convenient and efficient

  • Thanks Francesca I appreciate you sending that over. I will have to look into this!

  • Hi Dmytro,

    Basically exactly what you said. We need all teams to see that their are opportunities under an organization, but not allow them to click into the record if they are not part of the opportunities team (we should not be competing against the teams). Technically we could hide a few fields within the opportunity from unrelated teams, but it is my understand that if someone ran a report then the hidden fields would show on that given report.

  • Hi Dan,

    I don't have a direct answer, but I wonder if you can disable the "Record View" role option with Team Based Permissions to achieve what you're looking to do?

    From the first link above:

    When "Record View" is set to "None", the module's list view displays record's names, but the names are not hyperlinked to their corresponding record views like they are for users with the View permission enabled.

    This help article, https://support.sugarcrm.com/Knowledge_Base/Users_Teams_Roles/Introduction_to_Roles, may help as well depending on your familiarity with Roles.

    I hope this helps!


    Alex Nassi
    Digital CX Operations Director
    SugarCRM

  • Record View to None might switch off access for editing for all the Opps for the Team members -  neither Red nor Blue team could access to Opps even for editing their Opp records.
    In addition, OOTB "Ownership" in Sugar is personal (represented by assignedTo user), not team-based, and therefore restricting by Ownership could hardly work too.
    Am I wrong?

    Best Regards,
    Dmytro Chupylka

    integroscrm.com
    We make work in Sugar CRM system faster, more convenient and efficient

  • Hi Dan,

    Since my Integros team has experience of extending the Roles permission matrix with additional columns (including introducing Create end separating it from Edit) along with rebuilding the OOTB security model for the sake of speeding up cascade updates of hundreds of thousands of records for on-prem customers - to avoid updates of Team for very each the subordinate records whenever the parent Account gets new AssignedTo and Team - I would strongly recommend avoiding core security adjustments until it is critical for Sugar adoption and renewal.

    If the purpose is to help users with their business target while keeping team restrictions in place and OOTB, let me suggest a simple no-code solution that is implemented in 2 steps:

    1. Add a new custom module "Opps Digest"  with Studio and relate it to Accounts as many-to-one.

    2. Configure logic that would refresh the OppDigest records  - with data necessary and sufficient for business decision - no extra Opp info.
    For example,  show in OppDigest module all open Opps regardless of the team and sales rep the Opp is assigned to.

    Therefore, users could benefit from the information available for decision making while having team-restricted access to Opps via both interface and reports.

    Interface for Will from BLUE_TEAM  on the left and for Sarah from RED_TEAM on the right:

    The example implementation:
    step 1  - zip provided by Studio no-code tool - the OppDigest module (only please add relation to accounts manually via Studio)
    OppDigestModule.zip

    step 2 - zip generated by Logic Builder (https://logicbuilder.integroscrm.com) no-code tool - the logic to create/update/delete OppDigest record automatically on Opp is updated
    LogicThatRefreshesOppDigest.zip

    Please feel free to use the solution.
    Let me know if any questions or need some logic adjustments to make the example work for your company as prod

    In case you are curious about the logic configuration for create/update/delete OppDigest, here is the flowchart (please zoom in an follow the white line to read)


    Best Regards,
    Dmytro Chupylka

    integroscrm.com
    We make work in Sugar CRM system faster, more convenient and efficient

  • Hi:)

    Looks like Team-Based Permissions should solve this task:
    Let's say - Sarah has default teams: Global (primary) and Blue (selected)

    Will has default teams: Global (primary) and Red (selected)

    Both they are under Role that has the following settings:

    When Sarah creates Opportunity 'BLUE TEAM', this Opportunity has Teams Global (as primary) and Blue (with 'enabled additional permissions')

    When I login as Will, I see 2 Opportunities on Subpanel (because in Will's Role there is 'All' access to List and Will is in Global Team), but I can't open record view from Blue Team (because in the Role there is 'Owner & Selected Teams' and neither Will is Owner nor part of a Blue Team).

    And Sarah sees two Opp-s as well, but can open Opp of Blue Team:

    And let's say there is Sally from the Blue team - Sally sees both Opps, but can open only the blue one:

    what are your thoughts on using Team-Based permission to solve this task?

  • I just seen this and was about to reply the same, Team-Based permissions will solve this

    .

    CRM Business Consultant

  • Interesting example, what version of Sugar are you using? 

    I do not see the "Selected" option on Sugar Professional and I was wondering when and where it was introduced.

    thanks,
    FrancescaS