Use column permissions misunderstanding

Hi community,

 

On a demo version, I have created a test user with "Direction" as organizational role. I want it to hide the "Budget" field in the opportunity section and don't make it editable.

To do so, I went in the "object permissions" and checked "Use column permissions", selected the "Budget" field and giving a "Deny reading and editing" access level to the "Direction" role. 

The three available options are :

 

 

After doing that, when I connect with the test user, I still can see (or read if you prefer) the Budget field, however I can't modify it.

 

 

How can I do to hide this field to all the "Direction" users ? If we can't do it like this, what does "Deny reading" mean ? What are the differences between "Permit reading" and "Deny reading" ?

 

Thanks a lot for your time.

 

Best regards,

Jonathan

 

 

 

Like 0

Like

5 comments

Hello Jonathan,

 

Could you please specify the version of your application?

 

Thank you!

Best regards,

Bogdan S.

Hi Bogdan Spasibov,

 

The actual version of Creatio, 7.18.3.

Hello Jonathan,

 

The "Deny reading and editing" option won't hide the field but it can hide the value of the field. For example, with the following setup, all company employees will see the field value except for the users that are added to the '1-st line support' role:

 

 

But the best way to achieve you business task is to use business rules. There is a rule that is called 'Show an element on page'. It allows you to show the specific field on the page only for some users. For example, with this setup only Supervisor can see the 'Budget' field on the page:

 

 

Please note that as of now the business rules can be applied to users only. The setup with org.roles should be available in one of the upcoming releases.

 

Best regards,

Bogdan S.

Hi Bogdan Spasibov,

 

Thanks a lot for your answer. The first methods doesn't seem to work. I created an opportunity, set the "Budget" field to 3'500. Then went to the object permissions and set "Deny reading and editing" to the "Direction" Organizational role. When I log in with a "Direction" user, I can still se the 3'500.

 

However, your second solution helps me a lot and is perfect for what I want to do. 

 

Thanks :) 

Jonathan Quendoz,

Hi,

 

please be careful with using business rules as a means for data access restrictions! They only work on the page where they are configured! So this will not if the user adds the field to the opportunity list.

Besides this, I think that the order in Bogdans answer should be the other way round. Permissions are evaluated by priority and the first hit will count. Since every user is in the "All Employees" group, the second row will never be evaluated.

 

BR,

Robert

Show all comments