Thread Details
  • State Not Answered
  • Replies 5 replies
  • Subscribers 354 subscribers
  • Views 947 views
  • Users 0 members are here
Forum Actions
Related

Sugar Pro 11.0.5 not respecting Teams?

Francesca Shiekh

I realize that Sugar Pro 11.0.5 is off support but bare with me...

We have never used Teams to restrict visibility. Every record is "Global" and every user has "Global"
however we have recently opted to change the visibility of Leads coming from Embargoed Countries to restrict them to a special Team called "Embargoed" so that they can be reviewed by a user assigned to that Team but not displayed/assigned to Account Executives at large.

I have a custom Logic Hook that accurately assigns the Team based on the address Country.
In the Lead record view I see only Embargoed (Primary) as the Team assigned to a particular Lead.

However, any user who is NOT part of that Team can still see the Lead records that are exclusive to that lead.

I checked the user accounts we tested with and they are all "Regular User"
I checked the Leads Module Access in the User's Roles and access is "Enabled" with
Access Type: Normal
Delete: None
Edit: All
Export: All
Import: None
List: All
Mass Update: All
Record View: All

There are no particular field level permissions (they are all "Not Set")

I do have two ACL modifications based on Enrico Simonetti's ACL Lock but none affect the Leads module.

I rebuilt Teams after adding this new team, as well as QRR, just for good measure

Is there anything else I should check?

Thank you,
FrancescaS

Parents
  • 0 Sugar Employee Badge

    Hello 

    The behaviour that you described doesn't sound correct. 
    The causes that cross my mind are:

    1 - You've mentioned that by default " Every record is "Global". If you want to restrict the visibility from other users you'll need to remove the Global team from the Record and add the New "Embargo" team. Was that performed?  

    2- Does the user have any reportees? Is the user possibly having an Implicit team membership to the embargoed team? 
    support.sugarcrm.com/.../index.html

    3 - Do you have any customisations on custom/data/visibility/ ? 
    I've seen cases of customers disabling team security to improve performance, could that be the case? 

    4 - Did you run a repair teams already? 
    https://support.sugarcrm.com/Documentation/Sugar_Versions/13.0/Ent/Administration_Guide/System/Repair/#Repair_Teams

    Feel free to let me know if any of these guides you in the right direction or if you need any more information or ideas. 

    Thanks 

    André

  • 0 in reply to Andre Serrazina

    Thank you ,

    to answer your questions:

    • I have verified that the record has one team only "Embargoed" and no others

    • I have verified that the user I use for testing does not have "Embargoed" team assigned explicitly or implicitly:
      SELECT tm.*, t.name
FROM `team_memberships` tm
INNER JOIN teams t ON tm.team_id = t.id
WHERE tm.user_id = 'The_user_id_here';


      as a matter of fact no one has Team "Embargoed" assigned at this time as only Admins should be seeing these records at this time.

    • I have repaired Teams & a QRR for good measure

    • I had NOT checked the visibility customizations.
      We did have a custom/data/visibility/TeamSecurity.php (thank you for that extra tip) 
      It was added more than 5 years ago and I seriously don't remember why... 
      I removed it, QRR, and it made no difference.

    • <?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
class TeamSecurity extends SugarVisibility
{
        public function addVisibilityFrom(&$query)
        {
                return $query;
        }
        public function addVisibilityFromQuery(SugarQuery $query, $options = array())
        {
                return $query;
        }
}


    I went as far as disabling the ACL modifications though they have nothing to do with Leads. That, as expected, did not help.

    FrancescaS

Reply
  • 0 in reply to Andre Serrazina

    Thank you ,

    to answer your questions:

    • I have verified that the record has one team only "Embargoed" and no others

    • I have verified that the user I use for testing does not have "Embargoed" team assigned explicitly or implicitly:
      SELECT tm.*, t.name
FROM `team_memberships` tm
INNER JOIN teams t ON tm.team_id = t.id
WHERE tm.user_id = 'The_user_id_here';


      as a matter of fact no one has Team "Embargoed" assigned at this time as only Admins should be seeing these records at this time.

    • I have repaired Teams & a QRR for good measure

    • I had NOT checked the visibility customizations.
      We did have a custom/data/visibility/TeamSecurity.php (thank you for that extra tip) 
      It was added more than 5 years ago and I seriously don't remember why... 
      I removed it, QRR, and it made no difference.

    • <?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
class TeamSecurity extends SugarVisibility
{
        public function addVisibilityFrom(&$query)
        {
                return $query;
        }
        public function addVisibilityFromQuery(SugarQuery $query, $options = array())
        {
                return $query;
        }
}


    I went as far as disabling the ACL modifications though they have nothing to do with Leads. That, as expected, did not help.

    FrancescaS

Children