This post is for SugarCRM system administrators developers.
System Administrators – If you’re running a SugarCRM system, keep some of these tips in mind.
Developers – These are just good things to know.
Sometimes “user initiated processes” turn into runaway processes on the server. For example, someone may create a tool that iterates through a result set from the database query, only to do additional queries based on the result. The tool may work well for the developer on their dev environment, but it may not scale well. These kind of actions turn into runaway processes.
Many different platforms impose quotas/limits. SugarCRM is no different. In the 5.1 release we created database query limits. As a developer, you should be aware of these so that you can develop code accordingly.
In config.php you’ll find a section of the $sugar_config array that looks like and is controlled like this:
'resource_management' => array ( 'special_query_limit' => 50000, 'special_query_modules' => array ( 0 =>'Reports', 1 => 'Export', 2 => 'Import', 3 => 'Administration', 4 => 'Sync', ), 'default_limit' => 1000, ),
This is the “out of the box” configuration – of course you can change this (c’mon this is SugarCRM, you can modify anything!).
Some intentionally resource intensive features such as Reports, Exports, Import, Offline Client, and anything in the Admin section are allowed to have 50,000 queries. Otherwise, the default is 1000 queries. You can modify this to fit your needs.
The best way to modify this is in config_override.php using $sugar_config[‘resource_management’]
Another feature that allows you to manage access to some key administrative areas of your Sugar system is the following setting:
$sugar_config['admin_access_control'] = true;
Some of the actions that this setting will disable are features in the admin panel:
- Upgrade Wizard
- Module Builder
The full list is detailed in files_access_control_map.php and is easily expanded in custom/include/MVC/Controller/file_access_control_map.php.
A final security control allows you to restrict Module Loader to read modules from only a specific directory on the server and disables the ability to upload new modules into the Module Loader.
$sugar_config['use_common_ml_dir'] = true ; // to enable or disable the feature. $sugar_config['common_ml_dir'] = '/path/to/your/directory'; // modules will be loaded from this directory.