OroCRM Forums

Covering OroCRM topics, including community updates and company announcements.

Forums Forums OroCRM Usermanagement role with restriction

This topic contains 3 replies, has 2 voices, and was last updated by  Andrey Yatsenko 4 years, 5 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #40756

    kevin12
    Participant

    I want to create a role within OROCRM that can edit users within a particular division, with the intend that this role cannot edit other roles not part of this division. However I noticed that I cannot set the entity role to division, only to none or global. If I set it to none, the role cannot assign roles to new users. If I set it to global they can assign admin rights to users that would give them permission to see everything. Is there a way to create a usermanagement role restricted to a division that can only assign/remove a restricted set of roles to users (i.e. so no admins)?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Author
    Replies
  • #40758

    Andrey Yatsenko
    Moderator

    You can manage access to users in a new role editing page, see the attached screenshot.

    Attachments:
    1. Screenshot-2019-10-25-at-13.38.20-128x72
    #40761

    kevin12
    Participant

    I’m sorry but that’s not the issue, it’s about the roles you can assign to users. It seems like the only options Oro offers is either not being able to assign roles or assign all roles, including administrators. If you check the entity role it only shows none and global, there’s no option to restrict it. So I’m looking for a way to restrict a role’s ability to assign roles to users, so they can assign for example only 2 out of 4 roles created in Oro to users wihtin that division. Hope this clarifies what I meant.

    #40762

    Andrey Yatsenko
    Moderator

    My miss, yes there is no way to limit it out of the box. You can write a form type extension to control the list of available choices. Or provide a custom program action, that will promote the user to the given role and control permissions for this action with ACL.

Viewing 3 replies - 1 through 3 (of 3 total)

The forum ‘OroCRM’ is closed to new topics and replies.

Back to top