====== Advanced set-ups ====== With the configuration of object access (described [[configuration:objectaccess#configuration|here]]) we solve the simple needs, where you can configure what group all objects created by a certain user is set to as well as the default permissions. For more advanced needs, we need to set the owner, group and permission for objects through customization with the concept of custom limeobjects. The technical documentation you can find [[https://lime-crm-platform.readthedocs-hosted.com/projects/lime-core/en/latest/object_access.html|here]]. ===== Example 1 – Cascade permissions ===== //The employees are divided into teams, and the employees should only be able to access projects belonging to their own team. The same rules should also apply for any history and documents connected to those projects. That is, you should only be able to see the history notes and documents for the projects that you have access to.// This case is more advanced since the permissions for history notes and documents depends on whether the notes and documents are connected to a project or not. In this case – all documents and history notes NOT connected to a project should be accessible to everyone. {{ :configuration:objectaccess:advancedsolutions.png?nolink&400 |}} To solve this more advanced case you need to: * As with the simpler case, set up groups for the teams and set them as the default group for users through Lime Admin * Set the default access for projects to “none” for others and full access for “group”, but leave history and documents at full access for everyone Then we need to use a custom limeobject to apply the wanted behavior when creating history notes and documents. This means that: * Whenever a project is created, access will be restricted to the creating team * Whenever a history object is created, access will only be restricted if it is connected to a project Through the custom limeobject, we also need to update the group and permissions for the history notes and documents if the: * Group is changed for the parent project * The history note or document is detached from the project ===== Example 2 – Dynamic groups ===== //The employees are working in cross-functional teams for their projects in Lime CRM, where the teams are administrated per project through a tab “Project members”. Only the users connected to the project through the relation to “Project members” should have access to the project.// To solve this more advanced case you need to: * Set the default access for projects to “none” for others, but full access for “group” Then we need to use a custom limeobject to apply the wanted behavior for creating the right group and members. This means that: * Whenever a project is created, a unique group is created * Whenever a project member is added or removed from the project, the corresponding user is added or removed as a member of the group that the project is connected to