Sugar Community Edition Installation and Administration Guide Version 5.0

Users

Use this sub-panel to manage users, and roles for your organization.

User Management

Use the User Management option to create, edit, activate, and deactivate users in Sugar. You can create an end-user, an administrator, a group user, or a portal-only user.

A Sugar-user can access and use Sugar modules but does not have administrative privileges.

An administrator has administrative privileges in Sugar to perform tasks such as creating users.

A group user is a bucket that you use to assign inbound emails. For example, you can create a group user named Support to handle customer support issues. You can then distribute them to the appropriate users from the group inbox. You can create a group user with the User Management option or when you create a group for inbound emails as described in “Inbound Email” on page 59.

A portal-only user is a user who can log into portals created in Sugar but cannot log into the Sugar application.

When you create a user, by default, the system creates a Sugar user unless you specify Administrator, Group User, or Portal Only User.

You can activate the Offline Client status for any user to allow that individual to use the Sugar application on their local machines without connecting to the Sugar server. For more information on the Offline Client, see the Sugar Offline Client Installation Guide.

After you create an end-user, administrator, or portal-only user, the user name displays in the users list on the Users Home page and the employees list on the Employees Home page. Group user names display in the users list as group users and does not display in the employees list.

You assign users to roles depending on the tasks they perform for the organization.

Note:

You cannot delete users but you can deactivate them.

To create a user

1.	In the Users sub-panel of the Administration Home page, click User Management.

The Users Home page displays on the page.

2.	In the Shortcuts menu, click Create New User.

3.	On the Users page, enter the following information:

a.	In the top sub-panel, enter the user name, the login name and password, and the user status.

b.	In the User Settings sub-panel, select the appropriate option to specify whether the user is an administrator, an end-user, a group user, or a portal-only user. If you do not select any of these options, the system creates an end-user.

You can enable email notifications to the user when a record is assigned to that person. You can also enable automatic reminders for upcoming meetings and calls. If the user has access to the Sugar Plug-in for Microsoft Word, you can enable the Mail Merge option.

c.	The Locale Settings sub-panel displays the default values for the date and time format, the time zone, decimal symbol, and currency values as specified on the System Settings page. However, you can change these values for individual users if necessary.

d.	In the User Information sub-panel, specify whether the user is still active, terminated, or on a leave of absence, the title, department, phone numbers, IM (Instant Messenger) type and ID. You can add comments in the Notes field, if necessary.

e.	In the Address Information sub-panel, specify the user’s home address.

f.	In the Calendar Options sub-panel, you can enter a Publish Key to prevent others from publishing the user’s calendar without authorization.

g.

In the Layout Options sub-panel, you can limit access to Sugar modules by granting the user access only to specific modules, depending on the tasks that the user needs to perform. By default, the user has access to all the modules. To hide a module from the user’s view, move the module tab to the Hide Tabs list using the arrow buttons. Similarly, to display a module to a user, move it from the Hide Tabs list to the Display Tabs list.

To apply these settings to all users, move the modules from the Hide Tabs list to the Remove Tabs list.

To move up a module, select the module in the Display Tabs list and click the up arrow; to move down the module, click the down arrow.

Use the Number of tabs box to specify the maximum number of module tabs to display in the User Interface. Similarly, specify your preference for number of sub-tabs, sub-panel tabs, and sub-panel links. You can also specify the placement of the Last Viewed links and the Shortcuts menu.

From the Navigation Paradigm drop-down list, select Modules if you want each module to be displayed as a separate tab, or select Grouped Modules to group them into categories such as Sales, Marketing, and Collaboration.

h.

In the Email Options sub-panel, you can set one or more email addresses for the user’s mail accounts. You can further specify whether an email address is the user’s primary email address or whether it will be used for an automated response to emails. You will also need to specify an email client from the drop-down list. For more information on setting up and configuring emails, see the Sugar Community Edition User Guide

4.	To create the user, click Save; click Cancel to exit the page without saving your changes.

5.	To change the user password, click Change Password, enter the new password, and save it.

After you create the user, the system adds the user name to the user list on the Users Home page. You can now assign the user to roles.

To assign roles to a user

1.	Select the user from the Users list to view the detail page.

2.	To assign a role to the user, click Select in the Roles sub-panel and select one or more roles that you want to assign to the user.

The user is assigned to the role and the role is now listed in the Roles sub-panel.

To manage user information

•	To update the status of some or all users, use the Mass Update panel on the Users Home page as described in “Editing and Deleting Multiple Records in the Sugar Community Edition User Guide.

•	To view a user’s details, click the user’s name in the Users list.

•	To edit user details, click Edit on the detail page, change the information as needed, and click Save.

•	To duplicate the user details, on the detail page, click Duplicate, edit the information as necessary, and click Save.

•	To change the user password, click Edit on the detail page and then click Change Password. Enter the new password, and click Save.

•	If you reconfigured your User Preferences settings, Homepage, or Dashboard, and you want to reset the default values, click the appropriate button.

Role Management

A role defines a set of permissions to perform actions such as viewing, editing, and deleting information. By default, user have access to all Sugar modules. Roles enable you to control user actions in Sugar by restricting access to modules.

For example, if you want to prevent a group of users in your organization from having access to the Opportunities module, you can create a role that restricts access to this module. When you assign this role to an engineer, that individual will no longer be able to access the Opportunities module. Or, you may want to assign junior sales representatives to a role that allows them to view and edit opportunities, accounts, and contacts but prevents them from deleting these records.

Users are affected only if roles that are assigned to them. That is, users who are not assigned a role can, by default, access and take any action in any module. Each user can be assigned zero, one, or multiple roles. Each role can be assigned to zero, one, or multiple users.

An Admin user, by default, has administrator rights for all modules and records. You cannot restrict these privileges with roles.

All changes to roles such as changing role definitions, assigning, or revoking roles take effect upon a new login session after the change has been made.

Creating Roles

When you create a role, you specify the modules that the role can access, the user type such as end-user or administrator, and the actions that they can perform.

Access Type options are as follows:

•	Enabled: permits the user to view the module.

•	Disabled: hides the module from the user’s view.

•	Not Set: leaves the setting unchanged.

User Type options are as follows:

•	Normal: specifies end-user privileges in the module.

•	Admin: specifies administrator privileges in the module.

•	Not Set: leaves the setting unchanged.

Privileges are as follows:

•	Delete: Delete records in the module. If None is selected, the Delete button is disabled on the detail page.

•	Edit: Users can edit records in the module. If None is selected, the Edit button is disabled on the detail page. Additionally, the user cannot use the Mass Update panel to update records for the module.

•	Export: Export record data in the module. The Export link located at the top of List Views is removed when this privilege is not available to the user.

•	Import: Import record data in the module. The Import link in the navigation bar does not appear when this privilege is not available.

•	List: Users can view list of records in the module or in a sub-panel but cannot edit them. Users are unable to access the module's list view when this privilege is not available.

•	View: Users can view the detail page of records in the module.

Action options are as follows:

•	All: all users who are assigned to the role can perform the action.

•	Owner: Only the user who is assigned to the record can perform the action. If there is no assigned user, then the user who created the record can perform the action.

•	None: prevents all users assigned to the role from performing the action.

•	Not Set: leaves the setting unchanged.

When a user is assigned multiple roles, the roles definitions are merged and the more restrictive settings prevail. For example, if a user is assigned to two roles pertaining to one module where one role grants administrator access and the other grants end-user access, then user has only end-user access. In this case, the end-user access overrides the role with the administrative access because it is more restrictive.

A special case is the “Not Set” value in a role definition. You can use “Not Set” to ensure that a role does not affect a particular setting. This allows simple roles to be constructed and then combined to achieve the desired security level.

For example, if users are assigned to both the following roles:

Role A, where User Type = Admin and Export (action) = None

Role B, where User Type = Normal and Export (action) = All

Then, users can only see records that are assigned to them. And, they cannot export data.

If you change the User Type to Not Set:

Role A, where User Type = Admin and Export (action) = All

Role B, where User Type = Not Set and Export (action) = None

Then, the user can see all records in the module but cannot export data.

To create a role

1.	In the Shortcuts menu of the Roles Home page, click Create Role.

2.	Enter a name and description for the role.

All the Sugar modules along with the associated properties and actions are listed below in table format. You use this table to disable/enable modules or grant/deny permissions to perform specific actions.

3.	Click Save to create the role.

The Edit View of the role displays a list of available modules along with the action type.

4.	To specify access to a module, double-click the Access field corresponding to that module, and from the drop-down list, select Enabled; to deny access to the module, select Disabled.

5.	To specify the user type, double-click the User Type field corresponding to the module and select Normal to specify end-user privileges or Admin to specify administrator privileges.

6.	To set role permissions for a module, such as editing or deleting records, double-click the appropriate Action field corresponding to the module, and select one of the following:

All: allows all users of the specified user type to delete a record in the module.

Owner: allows only the record owner to delete the record.

None. Prevents all users of the specified user type from deleting records in the module.

Actions are as follows:

•	Delete: Delete records in the module. If None is selected, the Delete button is disabled on the detail page.

•	Edit: Edit records in the module. If None is selected, the Edit button is disabled on the detail page. Additionally, the user cannot use the Mass Update panel to update records for the module.

•	Export: Export record data in the module. The Export link located at the top of List views is removed when this privilege is not available to the user.

•	Import: Import record data in the module. The Import link in the navigation bar does not appear when this privilege is not available.

•	List: List views of records in the module. The user is unable to access the module's list view when this privilege is not available.

•	View: View records in the module. The user is unable to access the module detail view when this privilege is not available.

7.	To create the role, click Save; click Cancel to exit the page without saving your changes.

Note:

To restrict actions such as editing and deleting records, you will need to set access control at the module level.

To assign users to a role

1.	In the role’s Edit View, scroll down to the Users sub-panel and click Select.

2.	Select users from the Users list and click Select again.

The system assigns the selected users to the role.

You can also assign users to a role in the User Settings sub-panel of the User Management page.

3.	Click Save.

To manage roles

1.	To view the role details, click the role name on the Role home page.

2.	To edit the role, on the detail page, click Edit, revise the information, and click Save.

3.	To duplicate the role, on the detail page, click Duplicate, and then click Save.

4.	To delete the role, on the detail page, click Delete.

5.	To view access permissions for a specific user, in the Shortcuts menu, select List Roles by User and select the user from the adjacent drop-down list.

6.	To remove a user, in the Users sub-panel, click the rem icon corresponding to the user name.

To view roles for a user

1.	In the Shortcuts menu of the Roles home page, click List Roles by User.

2.	Select the user from the drop-down list.

The system displays details of the user’s privileges for each module. You cannot change any of the privileges because they are associated with the role.