How to Manage Roles and Set Privileges within SugarCRM

Roles enable you to group users according to the tasks that they need to perform and then define a set of privileges.

Objectives         

•          Define Role Characteristics

•          Access Roles

•          Create Roles

•          Set Role Privileges

•          Duplicate Roles

Roles have the following characteristics:

•          Roles control what a user can do with a record once the system retrieves the record from the database. Teams, on the other hand, control data retrieval security.

•          A particular set of privileges can be identified as a role and assigned to a user.

•          A role takes effect when you assign it to a user.

•          You can assign users to more than one role. When a user is assigned to multiple roles, the role with the more restrictive prevails.

•          All changes to roles such as changing role definitions, granting, or revoking roles to and from users take effect upon new login sessions.

•          When you deny access to a module, the related sub-panels that display on other module pages are also removed.

Accessing Roles               

The Role page is available from the system links, in the top right corner of Sugar.

Action

1. Login to Sugar with your administrator login and password.

2. Click the Admin link in the system links in the top right corner.

Result: The Administration: Home page appears.

3. In the Users sub-panel, click the Role Management link.

Result: The Role page appears.

Creating Roles 

The appropriate roles will be set up just once, and then users will be assigned to each role.

Action

1. In the Shortcuts section of the Role page, click Create Role.

2. Enter a name for the role.

3. Enter a description for the role.

4. Complete the privileges in the table sub-panel. See the Setting Privileges section for details.

5. To create the role, click Save; click Cancel to exit the page without saving your changes.

Setting Role Privileges 

A role defines a set of privileges to perform specific tasks. You can create multiple roles. You can then assign one or more users to each role to enable them to access the appropriate Sugar modules and perform the tasks.

Example: You can create a role called Support with privileges to access, read, and write to the Bug Tracker module. Then, users assigned to the Support role can access the Bug Tracker module to view and report bugs. You can further specify whether role members can import and export bug information.

Action

1. To specify access to a module, double-click the Access field corresponding to that module, and from the drop-down list, select Enabled; to deny access to the module, select Disabled.

2. To specify the user type, double-click the User Type field corresponding to the module, and select Normal (for End-user privileges) or Admin (for Administrator privileges).

3. To allow a specific privilege for a module, such as editing or deleting records, double-click the appropriate action field corresponding to the module, and select one of the following:

All: Allows all users of the specified user type to delete a record in the module.

Owner: Allows only a record’s owner to delete the record.

None: Prevents all users of the specified user type from deleting records in the module.

Privilege descriptions are in the table below.

PrivilegeDescription
DeleteDelete records in the module. If None is selected, the Delete button is disabled on the Detail page.
EditEdit records in the module. If None is selected, the Edit button is disabled on the Detail page. Additionally, the user cannot use the Mass Update section to update records for the module.
ExportExport data in the module. The Export link located at the top of a list view is removed when this privilege is not available to the user.
ImportImport item data in the module. The Import link in the navigation bar does not appear when this privilege is not available.
ListList views of records in the module. The user is unable to access the module list view when this privilege is not available.
ViewView items in the module. The user is unable to access the module detail view when this privilege is not available.

Duplicating Roles           

For creating new roles, a best practice is to duplicate existing roles to save time setting role privileges.

Step Action

1. In the Shortcuts section of the Role page, click List Roles.

2. Select the role that is similar to the new role you wish to create.

3. Click the Duplicate button.

4. Edit the role fields and privileges as desired

5. To create the role, click Save; click Cancel to exit the page without saving your changes.