Setting Up a Multi-Tenant Environment in SuiteCRM Using Security Groups

SuiteCRM supports multi-tenant architecture through the use of Security Groups and Role Management. This approach helps administrators control access to CRM modules, ensuring users can only access data relevant to their tenant or group. This guide will walk you through setting up a secure multi-tenant SuiteCRM environment.

User Management

View All Users

  • Navigate to Admin Panel → Click User Management

  • The list of existing users will be displayed

Create New User

  • From the sidebar, select Create New User

  • Fill out user details in the following tabs:

User Profile Tab

  • Username, First & Last Name

  • Set status: Active or Inactive

  • Choose user type: Regular User or Administrator

  • (Optional) Enable Two-Factor Authentication

  • Add a valid email address for notifications

Password Tab

  • Enter and confirm password

Advanced Tab

  • Set localization: date/time format, timezone, currency

  • (Optional) Add Publish Key for iCal integration

Creating Security Groups

Security Groups help assign records and manage access among teams (tenants).

Create a Security Group

  • Go to Admin Panel → Select Security Suite Group Management

  • Click Create Security Group from the sidebar

  • Fill out the following:

    • Group Name

    • Assigned To: Admin/User

    • (Optional) Check "Not Inheritable" to prevent automatic record assignments

Add Users to Security Group

  • In Security Suite Group Management, select the group

  • Under the Users section, click Select

  • Search and add desired users to the group

Assign Roles to Security Groups

  • In the selected Security Group, scroll to the Roles section

  • Click Select to assign an existing role to the group

Role Management & Permissions

Roles control what users can view, edit, delete, and manage across modules.

Create a Role

  • Go to Admin Panel → Click Role Management

  • From the sidebar, select Create Role

  • Enter a Title and Description, then click Save

Define Role Permissions (Role Matrix)

Once saved, the Role Matrix appears where access levels per module can be configured.

  • Click individual cells to toggle permissions or use column headers for bulk updates

Configuring Multi-Tenant Permissions

To enforce data isolation:

  • Users should see and manage only their own records

  • Group leaders may be granted access to all records in their group

Recommended Role Settings for Multi-Tenancy

Example: For the Contacts module

Permission

Setting

Description

Access

Enabled

Grants module access

View

Owner

View only own records

Edit

Owner

Edit only own records

Delete

Owner

Delete only own records

List

Owner

List only own records

Export

Owner

Export only own records

Import

None / All / Not Set

Depending on policy

Mass Update

None / Not Set

Optional based on need

Assigning Roles

Assign to Users

  • Go to Role Management → Select the created role

  • Scroll to Users section and click Select

  • Add the users to assign the role

Assign to Security Groups

  • In the same Role page, scroll to Security Groups section

  • Click Select and add the relevant groups

Conclusion

By combining Security Groups and Role-Based Access Control, you can effectively configure SuiteCRM into a multi-tenant environment. This setup isolates data per group (tenant), ensuring privacy and compliance across different business units or clients.

Bookmark/Search this post with
  • Facebook logo
  • Twitter logo
  • Technorati logo
  • del.icio.us logo
  • Digg logo