Recently, we announced the newest release of OroCRM and OroPlatform which offered many enhancements in areas like sales pipeline management, role management, and personal system configurations.
In this blog, we would like to discuss in more detail a feature that was specifically requested by our community of customers and developers: an upgraded field-level access control list (ACL) aimed at providing different levels of access to the entity fields depending on user role. The field-level ACL is a significant advancement to our ACL engine. This feature enhancement provides users with the flexibility needed to control access to information for any scenario.
What’s the purpose of the new feature?
With the help of this new feature, OroCRM offers granular control over content visibility depending on user roles. It is now possible to control and restrict access to sensitive data displayed in fields within the Opportunity or Account entities. With this feature, businesses can display only role-relevant data without exposing additional details or sensitive, ‘private’ information to particular audiences. For example, a sales rep can see the details of the opportunities they manage but won’t be able to see sensitive information about other sales opportunities, such as contact information, the size of the opportunity, the phase of the opportunity, etc.
What does the field-level ACL setup look like?
Let’s consider an actual case that shows how the field-level ACL helps to define the desired level of user access to OroCRM entity fields.
As an administrator, you may want to grant access to particular opportunity information to, let’s say, only sales managers. Naturally, you want your colleagues to see the high-level details in opportunity data without disclosing deal-sensitive, relatively confidential information like opportunity budget, status, or probability.
To do so, go to System -> User Management -> Roles -> Sales Manager, and scroll to the Opportunities entity. Expand the list of fields by clicking the respective icon and click the Edit button. For most fields in the form, you can select different permission levels, configured independently for every type of field data processing, be it view, create, or edit. Then, when logged in as a sales manager, you see the opportunity data displayed exactly the way it has been set up for your role.
What comes next
The newly implemented field-level ACL feature, available in OroCRM and OroPlatform CE version 1.10 for community users and OroCRM EE 1.12 for partners and enterprise customers, currently covers only the Account and Opportunity entities. However, developers can quickly enable field-level ACL for other entities if needed. Out-of-the-box support for more entities will be added in the future, so stay tuned for other valuable enhancements and upgrades.
Please note that the field-level ACL option is not enabled by default; field-level access must be activated manually in just a few steps. Go to System -> Entities -> Entity Management, select either Opportunity or Account, click the Edit button, and put a checkmark in the Field Level ACL box. Save the changes you’ve just made. Now it is possible to proceed with the setup of the field-level ACL for the entity. Optionally, you can also activate the Show Restricted Fields option so that fields configured as unavailable to users are shown as disabled on the create and edit pages.
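As an added example (not code from the post or from Oro), here is what enabling field-level ACL for an additional entity looks like on the developer side, which is the route mentioned above for entities beyond Account and Opportunity. `Acme\Bundle\DemoBundle\Entity\Contract` is a placeholder entity, and the `security` scope keys `field_acl_supported`, `field_acl_enabled` and `show_restricted_fields` are assumed to be the entity-config keys behind the Field Level ACL and Show Restricted Fields checkboxes described above; the `FieldVote` check is the assumed way to ask the same question from application code.

```php
<?php
// Added example, not from the post: extending field-level ACL support to a
// placeholder entity through OroPlatform's entity configuration annotation.
// Assumed: the "security" scope keys below match the admin UI checkboxes
// (Field Level ACL -> field_acl_enabled, Show Restricted Fields -> show_restricted_fields).

namespace Acme\Bundle\DemoBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Oro\Bundle\EntityConfigBundle\Metadata\Annotation\Config;
use Symfony\Component\Security\Acl\Voter\FieldVote;

/**
 * @ORM\Entity
 * @ORM\Table(name="acme_contract")
 * @Config(
 *     defaultValues={
 *         "security"={
 *             "type"="ACL",
 *             "group_name"="",
 *             "field_acl_supported"="true",
 *             "field_acl_enabled"="true",
 *             "show_restricted_fields"="true"
 *         }
 *     }
 * )
 */
class Contract
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * Deal-sensitive value: with field-level ACL enabled, the administrator can
     * grant VIEW/EDIT on this single field per role, independently of the
     * entity-level permissions.
     *
     * @ORM\Column(name="budget", type="decimal", precision=19, scale=4, nullable=true)
     */
    protected $budget;
}

// Assumed usage: asking the authorization checker (the standard Symfony
// "security.authorization_checker" service) about one field of one record.
// Returns true only if the current role was granted VIEW on "budget".
function canViewBudget($authorizationChecker, Contract $contract)
{
    return $authorizationChecker->isGranted('VIEW', new FieldVote($contract, 'budget'));
}
```

Marking the entity in code only makes it eligible for field-level ACL; the per-role permissions still have to be set under System -> User Management -> Roles as described above.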