Team-based record-level access control?

[CPN]

Hey everybody,

My name is David Harris, and I'm the systems administrator for a small tech startup which recently licensed SugarCRM Professional. We've installed version 4.2.0. I'm prototyping it on a Debian/Sid server. Apache version 2.0.55, PHP4 version 4.4.2, MySQL 5.0.19.

I believe I'm having some fairly basic difficulty with access control lists. I'm trying to have records set such that only team members can view/edit/list/etc. them. (That is to say, only members of the team specified by the record's "Team" field should be able to access the module).

As it stands, it appears that one can only specify that either everybody with access to a particular module's functionality (in this case the Accounts module, but I'm wanting this pretty much everywhere), or only the individual user-owner can access a given record. Is this actually the case? (I'm rather hoping not.)

The relevant details:

"Test User" user
"Test Team" team
"Test User" is a member of "Test Team" team
"Test Role" role
"Test Role" has "owner" set for all options in the ACL for the Accounts module, excepting "Import", which is set to "None"
"Test User" has "Test Role" applied
"Test Account" Accounts record
"Test Account" Accounts record has "admin" as the owner and "Test Team" as the team
"Test User" cannot access "Test Account" Accounts record. Only if I set the owner of the "Test Account" Accounts record to "Test User" (locking pretty much every other user out), or if I set "Test Role"'s Accounts module ACLs to "all" (giving "Test User" far more access than they should have), can "Test User" see the "Test Account" Accounts record.

Thanks in advance for your time.