CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Can't limit access to custom fields
Pages: [1]

Author Topic: Can't limit access to custom fields  (Read 1709 times)

Will Brownsberger

  • I post occasionally
  • **
  • Posts: 44
  • Karma: 2
Can't limit access to custom fields
January 03, 2010, 07:36:31 am
I believe that I have configured ACL's, groups and roles properly to specify that a category of user should have access to one (only one) custom field group.  I've been around that confirguration process carefully several times.

However, the users seem to continue to have access to all custom field groups despite the fact that they have none of the following Drupal permissions:  Profile listings and forms, Access all custom data, Administer CiviCRM.

I do want them to be able to edit contacts, just not the other custom fields.

Any similar experiences or insight out there?

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Can't limit access to custom fields
January 03, 2010, 10:10:55 am
Will - I just did a test on my 3.1 (beta 4) sandbox and things are behaving as expected.

I've got a Drupal 'volunteer' role with access CiviCRM, access all uploaded files, add contacts, edit all contacts, view all contacts - BUT with access custom data = false.
I've got > 8 groups of custom data for Individual, some inline some tab.
I've created an ACL Role = Volunteer
I've assigned that role to 'Summer Volunteers' group
I've put my 'volunteer role' user's contact record into that group

Now experimenting with adding ACL's for the Volunteer role with 'Edit' on several of the custom data groups. Both the 'inline' and the 'tab' experiments work - they appear in the contact interface when after the ACL is added by my admin login. I also 'Disabled' an ACL (admin login) and reloaded the contact page (volunteer login) - and the corresponding custom data group tab disappears.

So, either you are doing a different set of steps OR there's some caching problem OR there's a bug that was fixed in 3.1 ???
Protect your investment in CiviCRM by  becoming a Member!

Will Brownsberger

  • I post occasionally
  • **
  • Posts: 44
  • Karma: 2
Re: Can't limit access to custom fields
January 03, 2010, 03:57:48 pm
Thanks for taking the time to check this, Dave.

MY BAD!

After an embarrassing additional amount of time looking at all the wrong things, I realized that my test users were picking up permissions from the anonymous user.  Once I altered the anonymous and authenticated permissions everything worked as it was supposed to.

/w.

« Last Edit: January 04, 2010, 04:34:12 am by WillBrownsberger »

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Can't limit access to custom fields
January 04, 2010, 04:26:28 pm
Will - Don't stress - I was happy to have an excuse to exercise that use case a bit. Happy new year!
Protect your investment in CiviCRM by  becoming a Member!

Will Brownsberger

  • I post occasionally
  • **
  • Posts: 44
  • Karma: 2
Re: Can't limit access to custom fields
January 12, 2010, 06:02:38 pm
 :-\

Dave, thanks again.

One more wrinkle that still seems like a bug.

An ACL adding access to a custom data group does work as it should.

But here is the problem that I am now having.  It seems that if I add an ACL giving an ACL group of contacts access to a custom data group, it has the effect of giving other ACL groups the same access.  This seems to be misbehaving for sure -- I can turn off and on access for the wrong contacts by turning the ACL on and off (enabling and disabling).

Oddly, the error does not reproduce in my test environment.  So, it's something complex as opposed to a straight up simple bug. 

/w.

« Last Edit: January 13, 2010, 04:44:58 am by WillBrownsberger »

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Can't limit access to custom fields
January 13, 2010, 06:29:51 pm
Will - Not sure where to begin debugging this one. I've pinged Lobo to see if he has some thoughts.
Protect your investment in CiviCRM by  becoming a Member!

Will Brownsberger

  • I post occasionally
  • **
  • Posts: 44
  • Karma: 2
Re: Can't limit access to custom fields
January 14, 2010, 07:20:30 pm
Once again, my error. :P

I had, in my installation, changed the name of the ACL role "authenticated" -- at some point along the way I must have mistaken it for something I had created myself.  So, I was then assigning it to a group.  The assignment, of course, had no effect -- the role continued to apply to all authenticated users.  Enabling it mysteriously enabled access by other groups, but in fact enabled access by all authenticated users.

Conceivably one might want to warn a user who changed the name of this role or attempted to assign it to a group, but there is no bug and, in fact, the documentation is also clear on the existence of the role -- http://wiki.civicrm.org/confluence/display/CRMDOC/Manage+ACL+Roles

/w.
« Last Edit: January 14, 2010, 07:59:24 pm by WillBrownsberger »
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Can't limit access to custom fields

This forum was archived on 2017-11-26.