AccessGovernance

Enterprise access control for third-party records, contacts, and admin perimeter.

Define who sees what — by user, by group, by category.
Zero core modification. Zero risk of lockout.

🔒 NEW 1.3: Private contact access management

Give administrators full visibility over private contacts — while keeping them hidden from the rest of the team.
Dolibarr's native priv=1 flag blocks all non-superadmin users, including your trusted administrators. AccessGovernance solves this with a clean, non-intrusive override.

• ✅ Admins see everything: full access to all contacts, regardless of the priv flag
• ✅ Sales reps see their own: non-admin users only access contacts linked to third parties where they are assigned as SALESREPTHIRD
• ✅ Filtering at every level: contact tab on the third-party record, global contact lists, and individual contact card — fully consistent
• ✅ One-click migration: a built-in utility converts all existing priv=1 contacts to priv=0, handing restriction logic over to AccessGovernance
• ✅ Fully optional: the feature is off by default; enable it only when you need it

Result: your confidential contacts stay protected, your admins stay productive, and every sales rep sees only their own portfolio.

🛡️ NEW 1.3: SuperAdmin group — protect your module management page

Create a "sub-admin" profile with access to business configuration — but without access to module and application management.
In Dolibarr, the admin flag is binary: every administrator can install or remove modules. AccessGovernance introduces a designated SuperAdmin group that alone retains access to admin/modules.php.

• ✅ One designated group: pick any existing Dolibarr user group as the SuperAdmin group from the setup page
• ✅ Transparent for SuperAdmins: group members see no change in behaviour
• ✅ Blocked for all other admins: non-member admins are redirected with a clear access-denied message
• ✅ Fail-open by design: if no group is configured, or in case of a database error, access is never accidentally locked — anti-lockout guaranteed
• ✅ Multi-entity aware: group membership is checked with entity scope

Result: you can confidently delegate administrative tasks without handing over the keys to your application stack.

Multi-department organisations: The sales team accesses only their regional customers, while purchasing manages specific supplier categories.

Team-based access: Assign specialised teams (sales, technical, support) to their respective customer portfolios without managing individual permissions.

Seasonal staff management: Quickly grant or revoke access for temporary employees during peak periods.

Compliance & audit: Track who accessed which third-party data with comprehensive audit logs.

Franchise operations: Regional managers access only the customers and suppliers in their territory.

Consultant onboarding: External consultants get limited access to specific customer categories.

1. Enable → Activate the module and choose the features you need (third-party filtering, private contacts, SuperAdmin guard)
2. Configure → Create your access rules: assign users or groups to the third parties or categories they should see
3. Done → AccessGovernance silently enforces your rules on every list, tab, and card — no further action required

Support & custom development

We offer technical assistance in English and French, by phone or email, for installation, onboarding and advanced configuration.

• 🔧 Onboarding assistance: €90/h
• ⚙️ Custom access logic development tailored to your organisation: on quote
• 📦 Integration with your other Dolibarr modules: on quote

📧 support@dzprod.net — response within 24–48 business hours

• ✨ New — Private contact access management: admin override of the native priv=1 restriction, with SALESREPTHIRD scoping for non-admin users
• ✨ New — SuperAdmin group guard: restrict access to admin/modules.php to a designated user group, independently of the admin flag
• ✨ New — Migration utility: one-click conversion of all priv=1 contacts to priv=0 to delegate restriction logic to AccessGovernance
• 🔄 Setup page — New "Private Contacts" and "Admin Perimeter" sections with dedicated controls
• 🔄 Expanded hook coverage — printFieldListWhere now handles all contact list contexts (contactlist, contactcustomerlist, contactsupplierlist, contactotherlist, contactprospectlist)

📧 Product enquiries: products@dzprod.net
🔧 Actively maintained module — regular updates published on Dolistore