Very granular (field-level) access control

[dantrainor]

Hi, all -

I want to say that I read that the Professional edition would support this functionality, but I thought I'd ask anyway.

Certain fields I wish for the user to not be able to change. Particulars include all email settings for their particular Mail account. I want them to be administratively adjusted, not adjusted when they feel like it. There's a few other situations like that, as well.

Basically, I'm looking for a very granular way of controlling permissions on specific fields that SugarCRM displays.

Anyone have any tips?

Thanks!
-dant

[mvngti]

Field level access is not available in CE. I am busy building a module that can add that functionality but it is very beta at the moment.

Certain fields I wish for the user to not be able to change. Particulars include all email settings for their particular Mail account. I want them to be administratively adjusted, not adjusted when they feel like it.

This can be achieved quite easily with a before_save logic hook that simply discards the changes if it is a non admin user. Create an before_save logic hook on Users that does something like this.

PHP Code:

global $current_user;
if (!is_admin($current_user))
{
    $bean->sensitive_field = $bean->fetched_row['sensitive_field'];
} 


Users will realize very quickly that they can not change those fields and they will never complain about it because they know it something they should not be doing :-)


M

[dantrainor]

Good morning, Marnus -

Excellent, thank you so much.

As far as making a visual representation on the field to indicate that the user cannot change said data, what do you propose one could do for that? Is there a solution akin to the one that you've suggested for not allowing the updates?

Thanks!!
-dant

[mvngti]

It will NOT be upgrade safe, but you could tinker with the templates (.tpl) in modules/Users

Of course if you are going to change the the templates you could hide the fields altogether with some clever template logic :-)

M