Sage CRM 2019 R2: Security Rights on Documents

Sage CRM lets users store files (.doc, .xls, .pdf, etc.) associated with the different entities represented within the system. These files can be added to the library either via direct upload or, in the case of PDF and Word documents, via mail merge.

The library files are accessed via the interface from the Document tab which exists within the various entity summary screens. Each file stored in the folders on the server has a corresponding header record in the Library table in the database. The Library table record describes the file's name and provides the interface that allows the file to be found and retrieved in the Sage CRM system. In the case of files such as Word documents, the properties of the libr_status can be used to control whether the file can be downloaded just for viewing or for editing.

One of the really useful changes that have been introduced into Sage CRM 2019 R2 is the promotion of the Library (Document) secondary entity into a primary entity governed by security.

In Sage CRM there is a division between primary entities and secondary entities. You see the primary entities listed within the main Administration>Customization screen.

Primary Entities are also called Main Entities. It used to be that the Library entity along with other entities was accessed via the secondary entities drop-down box.
The central characteristic of primary entities is that they are governed by security policies and each record can be associated with a security territory. This now allows a system administrator to create policies that can exactly control who can access documents stored in Sage CRM via the Library entity.

The basic changes implemented in Sage CRM 2019 R2 to enable this are:

  • Addition of libr_secterr column to the library table.
  • Setting the bord_primarytable flag in the metadata table custom_tables.

Other characteristics may be associated with primary entities, such as workflow capabilities or being able to use the Advanced Find on the entity, but for this release we have just focussed on the need to have the library entity governed by security.
Each entity in CRM that is covered by the Security system has a column in its table whose name ends in _secterr. In the Library table, it is "libr_secterr".

A security policy may reference not just the security territory information but also which user created the record, the team that it is associated with and the user that has been assigned to the record.
These columns differ in name from table to table, but within the Library table they are:

  • Libr_userid
  • Libr_channelid
  • Libr_createdby

The column that holds the Team information is always called xxxx_Channelid within Sage CRM tables.

In a default install of Sage CRM, the library table is referenced in only a single view, 'vLibrary', but it is important to understand that every table mentioned in a view will have different security-associated columns referenced. If you create new views for customizations that join the Library table, then security policies will apply to those views.

Because we know that these columns are going to be referenced automatically by CRM, we must ensure that any views that we create include the following columns in the select statement:

  • Libr_userid
  • Libr_channelid
  • Libr_createdby
  • Libr_secterr
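
The check below is an added example, not code from the original article or from Sage: a small Python audit that reports which of the four security columns a custom view joining the Library table fails to expose, including the case where a column is renamed by an alias. It assumes each view's SQL text has already been exported from the database; the sample views and their non-security column names are constructed for illustration.

```python
import re

# Security columns the page says every view over the Library table must select.
REQUIRED = ("libr_userid", "libr_channelid", "libr_createdby", "libr_secterr")
NOT_ALIAS = {"on", "where", "inner", "left", "right", "full", "cross", "join", "group", "order"}

def select_items(sql):
    """Split the outermost SELECT list on commas that sit outside parentheses."""
    m = re.search(r"\bselect\b", sql, re.I)
    items, cur, depth = [], "", 0
    for tok in re.finditer(r"\(|\)|,|\bfrom\b|.", sql[m.end():] if m else "", re.I | re.S):
        t = tok.group()
        depth += (t == "(") - (t == ")")
        if depth == 0 and t.lower() == "from":
            break
        if depth == 0 and t == ",":
            items.append(cur)
            cur = ""
        else:
            cur += t
    return [i.strip() for i in items + [cur] if i.strip()]

def missing_security_columns(view_sql):
    """Required columns the view does not expose; [] if compliant or not on Library."""
    sql = re.sub(r"--[^\n]*|/\*.*?\*/", " ", view_sql, flags=re.S)  # strip comments
    ref = re.search(r"\b(?:from|join)\s+(?:\[?dbo\]?\.)?\[?library\]?(?!\w)"
                    r"(?:\s+(?:as\s+)?(\w+))?", sql, re.I)
    if not ref:
        return []
    names = {"library"}
    if ref.group(1) and ref.group(1).lower() not in NOT_ALIAS:
        names.add(ref.group(1).lower())  # table alias, e.g. "Library l"
    exposed = set()
    for item in select_items(sql):
        # The last word is the exposed name: "x AS y" exposes y, "t.x" exposes x.
        last = re.split(r"\s+", item.replace("[", "").replace("]", ""))[-1].lower()
        qual, _, col = last.rpartition(".")
        if col == "*" and (qual == "" or qual.split(".")[-1] in names):
            return []  # SELECT * or Library.* exposes every Library column
        exposed.add(col)
    return [c for c in REQUIRED if c not in exposed]

# Constructed sample views; the non-security column names are assumptions.
GOOD_VIEW = """CREATE VIEW vCompanyLibrary AS SELECT l.libr_filename, c.comp_name,
l.libr_userid, l.libr_channelid, l.libr_createdby, l.libr_secterr
FROM Library l INNER JOIN Company c ON l.libr_companyid = c.comp_companyid"""
BAD_VIEW = """CREATE VIEW vLibraryShort AS SELECT libr_filename, libr_secterr AS territory,
libr_userid FROM Library WHERE libr_deleted IS NULL"""
```

Calling `missing_security_columns(BAD_VIEW)` flags libr_secterr as missing even though the view selects it, because the alias changes the column name the view exposes.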

Understanding the screens used for Library entity

The development team have not made any assumptions on what use customers may want to make of 'security policies' on documents governed by the Library entity. This means for Sage CRM 2019 R2 the libr_secterr field has not been added into the main screens used for the library.

Below is the Documents tab shown within the company context.

If you want the territory to be listed in this screen then the field libr_secterr needs to be added to the list LibraryList. If you want to be able to filter documents by territory then the libr_secterr field would need to be added to the LibraryFilterBox screen.
The page displayed when 'Add File' is used to upload a file or files into Sage CRM consists of several screens defined in metadata as you can see below.

Please note the field 'Territory' in the screen CommunicationLibraryBox is actually the field comm_secterr and is only passed to the communication record if the tick box 'Create Communication' is checked. If you want to be able to set security for documents that are uploaded then you would need to add the libr_secterr field into the screen LibraryItemBoxLong.

The screen LibraryItemBoxLong is also used for editing a library record after it has been uploaded as you can see below.

Security can also be implemented for the global documents or shared document library. This means that sensitive documents can be made inaccessible for some users and only available to others.

You can see below the Shared Documents tab in the My CRM menu.

This consists of the list called 'GlobalLibraryList' with an associated screen 'GlobalLibraryFilterBox'. If you are using security for Library items then you will need to add the libr_secterr column to these screen objects.

The adding of new files to the shared global library is controlled by a screen that uses the screen object 'GlobalLibraryItemBoxLong'.

This same screen is used when editing a record within the shared documents.
