CiviCRM Community Forums (archive)

I just recently installed a standalone CiviCRM 3.0.2 for a non-profit as part of http://grgivecamp.org

I ran into 2 issues:

1) I couldn't figure out how to use ACLs vs. Core ACLs. Core ACLs seemed to be what mattered and I couldn't seem to limit permission to, for instance, only allow contacts with role A to edit contacts in group B. If role A had permission to edit contacts on the Core ACLs page, then it could edit all contacts. If it did not have that permissions, it could not edit any contacts. I searched for a while and could not find much reference to Core ACLs and the behavior that I noticed.

2) I could not seem to limit permission for users to add/remove their contacts to Groups and to add/remove others contacts from Groups. Essentially, this meant that if I gave a user only a few permissions - "Access CiviCRM" and very few others (sorry, not looking at it) - any user could add themselves to the Administrators group. That didn't seem right.

Overall it was a good experience and the non-profit is very happy with the setup, but these issues meant that we could only permit access to a select few members of their organization.

Thank you for the reply.

1) What are extended ACLs? And how do they compare to ACLs (Access Control > 3. Manage ACLs - which didn't seem to do anything) and Core ACLs (Access Control > 4. Manage Core ACLs - which seemed to be all or nothing, as you said).

2) How do I limit user access to groups? Visibility? We want to have authenticated users that are not admins (and cannot make themselves admins).

Manage ACLs says Administrator can Edit All Groups.

Here's what I'm trying to do and I spent a while yesterday trying to figure out the ACL implementation, reading as much documentation as I could find.

Volunteer Coordinators should be able to edit Volunteers. They should not be able to edit other contacts. They should not be able to add themselves to the Administrators group.