Hi All,

How can malicious code be detected in Creatio On Cloud Instance? Is there any plugin in marketplace in support of this feature. 

File system development mode is not enabled so what everchanges are done are directly contributed by multiple developers to the instance. 

Hi,

Q:   IS Creatio custom web service DDOS safe ?

In other words:   If I create a custom web service (Anonymous) for integration with external systems (of course with basic security logic to identify the source which is accessing my endpoint), Is creatio DDoS Safe? Or in this case i should use application firewall (like cloudflare) infront of creatio ?

Hello community,

We have a Creatio installation on Creatio SaaS cloud with a few custom configuration services we have built. The security requirements are very stringent and we need to be able to permit access to these custom configuration services only to a few users & only to a few IPs. Pls find below questions in this regard - 

1. From what we understand, access to the GUI application and to the back end services are shared across the same Creatio credentials (via user setup). Can we disable GUI access to a few users and only enable access to these specific custom configuration services? Also, can we disable access to these configuration services for all other GUI users? In short - A few users only for these configuration services. A few users only for the GUI.
2. We would like to permit only certain IPs access these configuration services. This can be handled in 4 layers - Network infrastructure layer (Load balancer etc), IIS Configuration on the WebServer, Explicitly verify and restrict access to certain IPs inside the configuration service logic. Which of these 3 is recommended from a feasibility & security perspective on Creatio SaaS cloud?

Thanks in advance

In the out of the box functionality i can prevent the user from deleting contacts by configuring the object permissions.

Can we prevent deleting a specific type of contacts? Let us say those who are males?

When I prevent a specific user from deleting records of a specific section. Let us say, User A cannot delete contacts. After configuring this in object permission:

Login using User A, go to contact page, select a record, you will still be able to see the Delete button but you will not be able to delete.

Is there any settings to let the delete button be automatically hidden when there is insufficient permissions?

Hi there, how are you? Hope you are doing well.

I need some help with this scenario:

Org Roles (City roles):

•    Boston

•    San Diego

•    Miami

Each user in Boston role can Access to the Boston accounts with columns limitations : no view Web, Phone and Numbers of employee [this configuration by columns permissions]

Each account can have multiple owners that manages the account and should be able to view all the information of the account including web, phone and number of employee.

how can permits be combined?

Example:

•    Account 1 

o    City: Boston

o    Owner: user 1 and user 2

•    Account 2

o    City: Boston

o    Owner: user 3

user 1, user 2 and user 3  has the role Boston , because they need to access all the account for Boston (Account 1 and Account 2) excepts the columns Web, Phone and Numbers of employee. 

How can I make user 1 and user 2, in the case of account 1, see it completely as the owners? I tried to assign explicit permission to Account 1 for user 1 and user 2, but same results the user can access the account but the columns web, phone and numbers of employee not appear.

We cannot do by code because this is an example but in a real scenario we need to apply this to multiple entitys with a lot of columns configuration.

We need to resolve this permission settings by security configuration.

Thank you

Kind regards