Under Review

Improve confidentiality in Customer Self Service Portal

Sugar 9.2 has some very nice features and seems to be heading in the right direction.
Customer Service and Software Support is one area where Sugar CRM and our company share common ground. We were very pleased to see the advancements of the Customer Self Service Portal in Sugar 9.2. We are continually attempting to provide fast, controlled and systematic service for our customers across Australia. Our main area of difficulty is providing our customers appropriate visibility to Case Status in the portal.


The Customer Self Service Portal provides this visibility and control; however, privacy issues pose a roadblock in rolling out the Sugar Customer Self Service Portal to hundreds of consumers across Australia.

Specifically, a Contact that is portal active is able to see all cases for the Account. This allows one Contact to see another Contact’s Cases, Notes and Attachments. This information may range from personal information, business information, usernames and banking details to intellectual property. Exposing this to all portal active Contacts for the Account, we believe, breaches industry best practice of modern standards in information security.

Our idea is that SugarCRM provide an option for Contacts to only be able to see the Cases that they are linked to. This may necessitate having two types of Portal Active settings - Admin and Standard. Standard Portal Contacts can only see Cases that they are linked to. Admin Portal Contacts can see all Cases for their Account.

Further, we believe the Sugar Portal should provide the ability for Portal Users to define filters to enable them to find their cases better. The basic standard filters available are fine, but not sufficient.
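
Added example, not part of the original post and not SugarCRM code: a small Python model of the visibility rule requested above, comparing account-wide visibility with the proposed Standard/Admin split. All class, field and function names and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model: names are assumptions, not SugarCRM's schema or API.
ACCOUNT_WIDE = "account_wide"  # behaviour described in the post
PER_CONTACT = "per_contact"    # the proposed option

@dataclass(frozen=True)
class Contact:
    id: str
    account_id: str
    portal_active: bool = True
    portal_role: str = "standard"  # "standard" or "admin"

@dataclass
class Case:
    id: str
    account_id: str
    contact_ids: set = field(default_factory=set)  # Contacts linked to the Case
    notes: list = field(default_factory=list)      # Notes/Attachments of the Case

def can_view_case(contact, case, mode=PER_CONTACT):
    # Deny by default: inactive Contacts and other Accounts never match.
    if not contact.portal_active or contact.account_id != case.account_id:
        return False
    if mode == ACCOUNT_WIDE or contact.portal_role == "admin":
        return True
    if contact.portal_role == "standard":
        return contact.id in case.contact_ids
    return False  # unknown role values get no access

def visible_cases(contact, cases, mode=PER_CONTACT):
    return [c.id for c in cases if can_view_case(contact, c, mode)]

def visible_notes(contact, cases, mode=PER_CONTACT):
    # Child records are reachable only through an authorised parent Case.
    return [n for c in cases if can_view_case(contact, c, mode) for n in c.notes]

# Constructed sample data
ALICE = Contact("alice", "acme")
CAROL = Contact("carol", "acme", portal_role="admin")
DAVE = Contact("dave", "other")
CASES = [
    Case("C1", "acme", {"alice"}, ["alice login details"]),
    Case("C2", "acme", {"bob"}, ["bob bank details"]),
    Case("C3", "acme", {"alice", "bob"}, ["shared outage report"]),
    Case("C4", "other", {"dave"}, ["other account note"]),
]
```

In this model Notes and Attachments are authorised through their parent Case, so a narrower Case rule also narrows what is exposed in the child records.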