Hello,

Currently, there is some hardcoded logic that saves some of the changes into the Custom package regardless of the package that is set as the current one.



For example, when you turn on administration for an object it will save these changes to the Custom package, the same behavior can be seen when setting up a change log for an object.



As a workaround, you can move the created files to the desired package by using the "move to another package" feature in the configuration of the site. We have additionally added this request to an already existing task for our developers to change this behavior in future releases.

Bogdan,

Hi! When setting up advanced operations nothing appears in the Custom package. 

Hello Mariam,

According to the application logic, the changes in the access rights always generate the replacing object in the Custom package, regardless the one you have in the Current package.

We are aware of that and working hard to fix that in our future releases. 

Hello Kyrylo,

Thank you for your response,

In this case, how to proceed in order to add changes to my package for transfer between environments?

Thanks,

mariam moufaddal,

if you switch on Access rights in your package in configurator, these changes will be transfered with your package

Kind regards,

Vladimir

Hello,

If you want to configure the deletion permissions please use Permission to delete messages and comments:



Permission to delete messages and comments gives permission to delete messages and comments left by other users in the [Feed] section, on the [Feed] tab of the Notification Panel, and on the [Feed] tab of the view and edit pages of the system sections.

Please note, that there is no possibility to deny permission to users to delete their own messages and comments even if they do not have access permissions to this system operation.

Hello,

As we mentioned in the submitted case to support, we do not recommend you manually check those boxes, to properly add them please follow the steps below:

1. In the object, permissions section add your restrictions
2. The system will create a "copy" of the object you are working on in the current package as a reference to the original object
3. In that copy, you will see the checkboxes checked for the chosen options from object permissions.

Please make sure to set the "Current Package" system setting to the one you are developing in.

For further questions please refer to your support case.

Thank you.

Hello Petrika,



It's possible to add DCM panel for the portal user by following the instruction on our Community:



https://community.creatio.com/articles/enable-dcm-portal-users



Best regards,

Bogdan

Bogdan i believe the article is outdated. For example the object "Case status changed actions" didnt exist at all in nowdays versions of Creatio

Petrika,

Unfortunately, we don't have new examples of such implementation.

So, you can refer to the post by the link in the previous comment. 



Please note, that we have already registered the idea for our R&D team to implement this functionality in further releases. I will assign your case to this project in order to increase its priority.  





Best regards,

Bogdan

Bogdan,

I tried the operations described in the article and they didnt work.

I think there is some modifications that needs to be done in Operation Permissions and Object Permissions Bogdan. 

Because when i deploy the same portal page in another instance (which has an empty database) the cases appear !

Hello Amritha,

We already have a support ticket regarding this issue.

Please refer to your case regarding this issue.

Thank you,

Artem.

It's not possible since this message is returned by the GetCanEdit method from RightsService class from this part of code:

if (isNew) {
				bool canAppend = (rightLevels & SchemaOperationRightLevels.CanAppend) == SchemaOperationRightLevels.CanAppend;
				return rightsHelper.GetCanAppendSchemaOperationRight(schemaName)
					? string.Empty
					: (canAppend
						? string.Format(new LocalizableString("Terrasoft.Core", "Entity.Exception.NoRightFor.Insert"), schema.Caption.Value)
						: string.Format(new LocalizableString("Terrasoft.Core", "LicHelper.Exception.LicenceNotFound")));
			}

And the string is formed using the core entity exception.

Hi again,

I slved the first part (revoking edit/delete permissions for VIP contacts) but still struggling with the second part (revoking read access to sensitive fields).

Any help on this would be highly appreciated!

Thanks,

Robert

Hello Robert,

If I understand right, you can refer to this guide: https://academy.creatio.com/documents/administration/7-16/managing-colu…

Regards,

Akira Nguyen

Phuong Akira,

Hello Akira,

thanks for the reply, but this is not solving the issue. The reason is that I have to conditionally restrict access to the field.

Only when the contact is a VIP contact (that is, if it has a certain detail record), the sensitive fields should get accessible only by a certain role.

If I use column permissions, the field (eg the mobile number) will be restricted on every contact, not just VIP contacts.

Thanks,

Robert

Hello Robert,

To solve your issue, I think you can combine some coding + business rule

1. You can code method: if usr with specific role open page, set 1 usrfield = true; else = false

2. Business rule: customer = VIP AND usrfield = true; hide mobile phone field

Sorry, I am not a coder so I cannot guide you on how to code it.



Regards,

Akira Nguyen

If the protections on data are to comply with legal regulations, then client-side hiding or editing restrictions are not enough. I don't know what Robert's requirements for this are, but suggesting client-side logic to hide sensitive data without knowing why its access needs to be restricted is dangerous.

Harvey Adcock,

Hello Harvey,

you are absolutely right and I do not want a solution to hide the data via the UI.

The requirement is not based on legal regulations, but nevertheless, I want a robust solution where the user can't access the data no matter what he/she tries (the user could add the sensitive field in the list for example).

Unfortunately, I haven't found such a solution that is doable with the means of creatio permissions.

Do you have an idea?

Thanks,

Robert

Robert Pordes,

It would be a nice feature, given that Creatio has the ability to do row level security on a per-user basis, but it isn't possible currently.

The closest thing I could think of would be to have an extension table holding the sensitive data, which has its row level security applied by the Business Process you mentioned, but from what I can tell Creatio doesn't support extension tables either, so it would be a very code-intensive process of building that functionality in Creatio first...

Sorry I can't be of more help, hopefully others have some better ideas.

Dear Jordy,

If we are talking about the record permissions, then the users will not be able to see/edit/delete records if the role is deleted.

For example, I have a default Finance organizational role. The users who belong to it can see the contacts. If I delete Finance role, the correspondent role records from SysContactRight table will be also removed and as the result my users will not be able to see the contacts.

I'd suggest to create the new role firs, assign it to these users, update the records permissions after assigning the required rights and only then remove the old organizational role. It will prevent the users from loosing the ability to see/edit/delete the records.

Apart from that, you can test such actions on the website copy prior making any changes in the production environment.  

Regards,

Dean