espoCRM customization: allow non-sysadmin user edit users data

problem: be default, espoCRM only expose users data to users with sysadmin role. in role access management, user entity is not in the manage entity list.


1. override acl of user entity at custom/Espo/Custom/Resources/metadata/scopes/User.json. add edit in aclActionList, add “team”, “all” in aclActionLevelListMap.

    "aclActionList": ["read", "edit"],
    "aclActionLevelListMap": {
        "edit": ["own", "no", "team", "all"]

2. override acl user.php at custom/Espo/Custom/Acl/User.php. ensure to remove or change line of

        if (!$user->isAdmin()) {
            if ($user->id !== $entity->id) {
                return false; // change this logic

ref: how to