CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017.




Author Topic: Limited user is able to add groups, thus access  (Read 2954 times)

Ed van Leeuwen

  • CiviCRM version: 4.7
  • CMS version: Drupal 7.x
  • MySQL version: MariaDB 10
Limited user is able to add groups, thus access
November 29, 2009, 03:45:31 am
I have an access group which should only show contacts. ACL is created to display, not change. Drupal roles checked:
- access CiviCRM
- access Contact Dashboard
- access all custom data

The data is shown properly. The change button is available, but when pressed a page is displayed with 'Access denied'. This is, I think, the way it should be.

However, this user may add/delete groups on the Group tab and thus add or remove access for himself or others. Evidently, this is not what I want.

Have I overlooked anything?

neha

  • CiviCRM version: v3.4, v4.0
  • CMS version: Drupal 6 / 7, Joomla 1.5 / 1.6
  • PHP version: php 5.3
Re: Limited user is able to add groups, thus access
November 30, 2009, 08:18:18 am
Quote
I have an access group which should only show contacts. ACL is created to display, not change. Drupal roles checked:
- access CiviCRM
- access Contact Dashboard
- access all custom data
With the permissions that are mentioned, the user can add/unsubscribe for the groups through the 'Contact Dashboard', but he is not allowed to do the same via the Group tab.
On the Group tab the user can see the groups for which an ACL is created with the 'view' operation.
The user can edit the data only if the 'add contacts' permission is given; otherwise access will be denied for him.

You might want to look at
http://wiki.civicrm.org/confluence/display/CRMDOC/Manage+Access+Control+Lists+(ACLs)
http://wiki.civicrm.org/confluence/display/CRMDOC/Assign+Users+to+Roles

Neha

Donald Lobo

  • Administrator
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Limited user is able to add groups, thus access
November 30, 2009, 08:28:31 am

Have you given the ACL: "view all contacts"?

That's a pretty permissive ACL, which allows them to see all groups. A better way might be to create a smart group for all contacts, and give the ACL to view that smart group only.

lobo

Ed van Leeuwen

Re: Limited user is able to add groups, thus access
November 30, 2009, 01:15:30 pm
Quote from: neha on November 30, 2009, 08:18:18 am
Quote
I have an access group which should only show contacts. ACL is created to display, not change. Drupal roles checked:
- access CiviCRM
- access Contact Dashboard
- access all custom data
With the permissions that are mentioned, the user can add/unsubscribe for the groups through the 'Contact Dashboard', but he is not allowed to do the same via the Group tab.
On the Group tab the user can see the groups for which an ACL is created with the 'view' operation.
The user can edit the data only if the 'add contacts' permission is given; otherwise access will be denied for him.

You might want to look at
http://wiki.civicrm.org/confluence/display/CRMDOC/Manage+Access+Control+Lists+(ACLs)
http://wiki.civicrm.org/confluence/display/CRMDOC/Assign+Users+to+Roles

Neha

Well, this is what I would have thought should happen, but it does not.

Ed van Leeuwen

Re: Limited user is able to add groups, thus access
November 30, 2009, 01:32:27 pm
Quote from: Donald Lobo on November 30, 2009, 08:28:31 am

Have you given the ACL: "view all contacts"?

That's a pretty permissive ACL, which allows them to see all groups. A better way might be to create a smart group for all contacts, and give the ACL to view that smart group only.

lobo


Ah, that is exactly what I did. Thanks for your help.


This forum was archived on 2017-11-26.