Issues with User Permission

Hi,

I am running v5.3.29-C62, and here is one of the Non-Admin User Permission settings:

When logged in as the User and selecting any of the Clients, it can see the following menu options:

Here are my questions:

  1. Should the ‘Edit’, ‘Archive’ and ‘Delete’ options be made available to the User with the permission settings? I was thinking that it should not be available since the User is provided only Create and View permission to Client. Currently this User is still able to save changes to the Client by Editing, or even deleting.
  2. There seems to be no option to hide the ‘Dashboard’ and ‘Reports’ to Users. How can we achieve that?
  3. Although the Group information has been set by the Admin, this User is not able to see it in the Client when adding the ‘Group’ column.

Thank you.

Hi,

  1. All users can edit records they create; the ‘Edit’ permission enables them to edit records other people have created
  2. Users are able to use the dashboard/reports to view data they have access to
  3. @david can you please check that all users can see groups regardless of their permission

:rocket:

All users can now see groups.

Hi @hillel,

Noted on the permission behaviors. I very much hope there will be a roadmap to make the permissions more granular. For example:

  • Allowing Admin to assign Clients to specific User(s) of the company, so that User(s) can only view the Clients they are supposed to manage.
  • Each Client a User adds is automatically viewable only to that User + Admin. Other Users are not able to view the Client by default.
  • Could the above 2 be correlated with the Group and User field of the Client?

May I know if this may be considered for feature requests?

Thank you.

The Client can now view the Group column…! Thanks for adding the function in such a short time @david.

Hi,

  • It’s already possible to assign a client to a user
  • This is the current behavior
  • Sorry, I’m not sure I understand?

Hi,

Apologies for not explaining clearly. Let’s assume the following scenario.

Users

  • Admin
  • Staff A (non-Admin with only Create permission for Client)
  • Staff B (non-Admin with only Create permission for Client)

Client

  • Client A
  • Client B

Here’s my observation. If Staff A creates Client A,

  1. Staff A can see Client A in its Client list.
  2. Without Edit function, other Users do not see Client A by default.
  3. Even with only Create Client permission, Staff A can still delete Client A.
  4. Although Admin has assigned Client A to Staff B, Staff A can see Client A.

For (3), is it possible for Staff A to be able to view Client A, but not able to save changes or delete?

For (4), is it possible for Staff A not to see Client A since Client A is no longer managed by Staff A?

Thank you.
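The scenario above as a small access-control model, added here as an example; it is not part of the original thread and not the product's code. The permission names, the `User`/`Client` classes and both policy functions are hypothetical, and treating the assigned user like the creator in the observed policy is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool = False
    perms: frozenset = frozenset()      # hypothetical flag names

@dataclass(frozen=True)
class Client:
    name: str
    created_by: str
    assigned_to: Optional[str] = None

def observed_allows(user, client, action):
    """Behaviour reported in the thread: creating a record grants full control."""
    if user.is_admin or user.name == client.created_by:
        return True                      # creator may view, edit and delete
    if user.name == client.assigned_to:
        return True                      # assumption: assignee treated like the creator
    needed = "view_client" if action == "view" else "edit_client"
    return needed in user.perms

def requested_allows(user, client, action):
    """Behaviour asked for in (3) and (4): permission flags always apply."""
    if user.is_admin:
        return True
    manager = client.assigned_to or client.created_by
    if action == "view":                 # only the current manager sees the record
        return user.name == manager or "view_client" in user.perms
    return "edit_client" in user.perms   # edit/delete never implied by ownership

def scenario(policy, assigned_to):
    """Evaluate the Staff A / Staff B scenario for one policy (constructed data)."""
    staff = {n: User(n, perms=frozenset({"create_client"}))
             for n in ("Staff A", "Staff B")}
    client = Client("Client A", created_by="Staff A", assigned_to=assigned_to)
    return {(n, a): policy(u, client, a)
            for n, u in staff.items() for a in ("view", "delete")}

if __name__ == "__main__":
    for policy in (observed_allows, requested_allows):
        print(policy.__name__, scenario(policy, assigned_to="Staff B"))
```

Comparing the two result tables shows the gap raised in observations (3) and (4): under the observed rules the creator keeps view and delete rights after reassignment, while under the requested rules they do not.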

Feel free to create an issue on GitHub to request a change:

Thanks for the suggestion, I have created an issue on GitHub.