CiviCRM Community Forums (archive)

When it comes to permissions, we (Philadelphia Yearly Meeting) want the ability to do some pretty complicated stuff. Seems like CiviCRM is really intended to do what we want, but it has me stumped on one thing.

I created a smart group consisting of one of the ~100 congregations our organization serves. Then I created an ACL, an ACL Role, a Group that has this ACL role, and a user as a member of this group. On the ACL screen, the "Operation" (action permitted) is set to "edit".

If I then log in as the test user who's part of this group, I get access to view all of the members of the relevant congregation ("congregation1"). And I get an "edit" button when viewing these records.

But if I click the "edit" button, I get the message, "Access denied // You are not authorized to access this page."

(If I (as CiviCRM administrator) change the ACL to allow view only, the edit button that wasn't working anyway, disappears.)

How can I make it so that this test user has the ability to edit records of people who are in "congregation1's" smart group?

Your suggestion of giving "add new contact" access to the test user worked, although it's problematic in its own way.

I'm interested in learning how to change the behavior of CiviCRM by using ACL hooks, but I'm not quite sure how to get started.

Thanks for your help so far!

Hi,

I just ran into this same issue. Giving the user role 'Add contacts' permission has fixed the 'access denied' problem when trying to edit the contact. However, I don't actually want this user role to be able to create new contacts, only edit certain existing ones. Is there any way to do this?

I'm already using hook_civicrm_aclWhereClause to implement some custom permissions.

-Ian