Covering OroCRM topics, including community updates and company announcements.  Subscribe

Forums OroCRM OroCRM – How do I? Questions Control View Permissions for User Emails

This topic contains 6 replies, has 4 voices, and was last updated by  Jeroen Olthof 8 months, 3 weeks ago.

  • Creator
  • #57799


    We’ve set up user email syncing via Google which is working well. However, we’ve run into a problem with visibility.

    If you view the page for a particular user, you can see emails that are associated with that user record. There doesn’t seem to be any consistent pattern for which emails show up and which ones don’t, which means that one user could view emails from another user that they should not be able to see.

    Ideally, a user would only see their own emails and the emails from other users that are associated to shared contexts. This limit does not appear to be in place or at least is not working consistently.

    We tried disabling access to the User list via permissions but this breaks the ability to filter grids by Owner. The Owner list becomes blank for the restricted user and they cannot filter anymore.

    Any ideas on how we can limit the visibility to emails to only those which a user SHOULD be able to see?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
  • #57800

    Hi @Rob

    You can set different permissions for actions of entities in the role managament.
    There is the entity “Email-User Relation”. For action “view” available such values:
    – None
    – User
    – Business Unit
    – Division
    – Organization
    – System

    Permission of action View for entity “Email-User Relation” used to check permission to see activity email in activity list.

    Dependence of the reflection on the permissions:

    • None – User cannot see activity in activity list.
    • User – User can see email in activity list if he is participant of email (sender or recipient).
      Also user should set Email synchronization settings and make sync email.

    • Business Unit – User can see all email in activity list if users have common Business Unit.
    • Organization – User can see all email in activity list if users have common Organization.
    • System – User can see all email in activity list.


    Thanks for the clarification about the Email User entity. However, the problem here is that if I set the permissions to “User”, a particular user cannot see an email ANYWHERE unless they were included on that email. This includes cases where the email has a particular context.

    What I would prefer in this case is that a user can only see an email that isn’t their email if they view it either from:

    * A contact page
    * The page of another context associated to the email

    In this case, then, the real solution may be to delete the “Activity” view from the user profile page so that all of a user’s messages / activity cannot be viewed. What would be the simplest way to turn this view off?



    Hi @Rob,

    Did you manage to make it work as you described ?



    Jeroen Olthof

    Any news on this matter. I also see personal non related mail of different user. I feels like bug, but maybe it’s a feature?


    Jeroen Olthof

    In a two users scenario

    User A:
    [Role, Sales Rep]
    [Email-User Relation] = user (view,edit and create)

    User B:
    [Role, Sales Rep]
    [Email-User Relation] = user (view,edit and create)

    When user A selects “All Emails” in My Email view, he will see all email of user A & B.
    When user B selects “All Emails” in My Email view, he will see all email of user A & B.

    So user A and B can see all each others personal E-mail.

    This probably isn’t the way it’s meant to be?


    ps. is there a way to delete all synced email. Just to try a resync..


    Jeroen Olthof

    It is fixed in 2.0.11 (also in the 2.1.3 which we run now)

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.