SuiteCRM
Subpanels display Select button although the user roles don't allow editing
Issue
Wanting to have read-only users in the CRM, I have created a role where users cannot edit, delete or import in any module. However, users with this role can still create relationships between records using the Select button in subpanels, which is intended to be a writing/creation action.
It is interesting to know that the Create/New button is properly hidden from subpanels when roles forbid editing.
Expected Behavior
The CRM should not show the Select button in subpanels when roles don't allow data editing.
Actual Behavior
The CRM shows the Select button in the subpanels and relationships can be created.
Steps to Reproduce
- Create a role where users cannot edit, delete or import in any module (or at least in two related modules of your choice).
- Assign the role to a user.
- Access the CRM with the user.
- Go to the detail view of any record and check that the Select button is displayed in subpanels and relationships can be created.
Context
It does not allow us to create read-only users. It compromises security in access to data. High priority.
Your Environment
- SuiteCRM Version used: Version 7.11.19 - Sugar Version 6.5.25 (Build 344)
- Browser name and version: Google Chrome Versión 88.0.4324.150 (Build oficial) (64 bits)
- Environment name and version: MySQL, PHP 7.3
- Operating System and version: Ubuntu 20.04.1 LTS