Per-record Permissions (Roles)

[kovshenin]

Hi, I'm a noob to Sugar but found my way around installation and basic configuration. I run a web development agency and I'm looking forward to create a new module for sugar to store server access credentials, API keys and other sensitive information. This requires some extra permission management as I wouldn't like everyone to see all my API keys and server credentials. I know I can create a role and add users to that role to give them access, but I'm looking for something more customizable here.

I'd like to give users permission to such records on a per-record permission, for instance user A could see only records 1, 2 and 3. User B could see records 2, 3 and 4. So both users could see records 2 and 3. I wouldn't like to create a role for each and every case where I need to give somebody access to a certain record.

Is this achievable with Sugar? If so, what's the easiest way to implement this? I can do some PHP if needed. I'm running Sugar CRM CE 5.5.2.

Thanks,
~ K

[Angel]

The built-in Roles mechanism should allow you to do what you are wanting.

If you create a role that only allows users to access records from that module which they also own (by means of the "Assigned To" field) they will then only be able to view said record. You can also choose to allow them to view them, but not edit them. There are other variations you can create. It all depends on your exact requirements.

[kovshenin]

Angel, unfortunately no. The standard Roles mechanism is not enough. All my requirements are in my post, it's a one-to-many relationship between a module record and users. The SecurityGroups addon seems to be a little closer to what I'm looking for, but unfortunately it's a group based permission setting, not a user. Optimal would be group, user and role. Oh and it doesn't run on 5.5.2..

Thanks.

[Angel]

Apologies, I missed the part about multiple users.

Unfortunately your only choices would be to use an add-on such as Security Suite or the like (assuming they fit your requirements) or introduce the code yourself as there is no way to customize the behavior of the security model without some custom code.