CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Limiting the contacts that an user can see
Pages: [1]

Author Topic: Limiting the contacts that an user can see  (Read 1295 times)

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Limiting the contacts that an user can see
April 21, 2010, 08:49:38 am
Is there a way to limit which contacts an user can see? I would like to set up some kind of a Drupal role and that role can only see contacts with a specific tag (or group). Is there a preferred way of doing this? We have some contacts that not everyone needs to see. Would also be nice to limit the fields that some users can see. One group of users only needs to see Name and email address and others may need to see addresses also. Is there a preferred way of doing this?

Thanks.

ctarascio

  • I post frequently
  • ***
  • Posts: 334
  • Karma: 30
    • American Friends Service Committee
  • CiviCRM version: 4.1.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.5.20
  • PHP version: 5.3.13
Re: Limiting the contacts that an user can see
April 21, 2010, 08:55:55 am
Hi,
Yes, there is a way to do this and you will find documentation about it here: http://wiki.civicrm.org/confluence/display/CRMDOC/Access+Control.

"ACL's", along with Drupal permissions that are assigned to "roles", can be used in conjunction to control access to groups, custom data and profiles.

Take a look at the documentation and if you have more specific questions just post back.

Hope this helps,
Cynthia

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Re: Limiting the contacts that an user can see
April 21, 2010, 12:11:36 pm
Thanks, that was a big help. I managed to create a group "US Congress", which has the contacts that I only want specific users to see. I then created a group, Development Team, that has the users that I to be able to see "US Congress". I created a role, Development, and gave that role permission to view "US Congress". I then added the Development Team to the role Development. So far, so good. But everyone is able to see any group by default (at least that is my take on it). What actually takes away all others' ability to see the group "US Congress"? If I login as a non Development Team member, I can still see "US Congress".

ctarascio

  • I post frequently
  • ***
  • Posts: 334
  • Karma: 30
    • American Friends Service Committee
  • CiviCRM version: 4.1.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.5.20
  • PHP version: 5.3.13
Re: Limiting the contacts that an user can see
April 21, 2010, 12:59:25 pm
Hi,
You have to edit the permissions for the role and uncheck the box to "view all contacts". That setting overrides the ACL rule. You will have to create additional roles for other users if you only want the "Development Team" to view members in the "US Congress" group.

Cynthia

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Re: Limiting the contacts that an user can see
April 22, 2010, 07:55:26 am
So am I correct in thinking that I will need to have all contacts in a group and then give the appropriate permissions via ACLs for people to view them? If I remove the 'View all contacts' permission then you will view NO contacts unless you are explicitly allowed to do so via an ACL and an ACL cannot do that if the contact is not in a group. Is this correct?

ctarascio

  • I post frequently
  • ***
  • Posts: 334
  • Karma: 30
    • American Friends Service Committee
  • CiviCRM version: 4.1.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.5.20
  • PHP version: 5.3.13
Re: Limiting the contacts that an user can see
April 22, 2010, 09:29:27 am
Hi,
I am not sure I understood your last post, but I will answer based on what I think you said.

You will need an ACL rule that will allow the Dev team to view/edit contacts in the US Congress group.

Then, you will need an ACL rule for every other group that you have. You will apply this rule to all the groups except for US Congress.

Thinking that i could get away with only one ACL rule for all the groups except US congress, I tried creating a "parent" group and applied an ACL rule to it, but it didn't work. The permissions do not "cascade" down the "tree": I had to create an ACL for every group.

The Dev team is doing some really great work work with  ACL's that you may find useful. It is still a work in progress but initial coding is available in 3.1.4. You can read about it here if you are interested:

http://wiki.civicrm.org/confluence/display/CRMDOC/Multi+Site+Installation
http://wiki.civicrm.org/confluence/pages/viewpage.action?pageId=26510788

Hope this was helpful,
Cynthia

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Re: Limiting the contacts that an user can see
April 22, 2010, 09:48:50 am
Once I remove the 'View All Contacts' permission in Drupal I will need to have every contact in a group, is that correct? Right now not all of my contacts are in a group, but since the ACLs assign an operation based on the group, every contact that I have will need to be in a group or it will not be seen. Is that correct?

Let me try to clarify (I'm not very good at this). I don't want members of the group 'Our Employees' to be able to see the 'Donor' group (unless they are also in the 'Development' group) so I cannot give the group 'Our Employees' the Drupal permission to 'View All Contacts'. That means that the contacts that they can view are dictated only by the ACLs. Since ACLs work on groups then the group 'Our Employees' can only see contacts that are in a group (and then permission has to be given via an ACL). May take on this is that all contacts must be in a group (which not all of mine are) for this to work.

Is there a way to do a search on contacts that are NOT is a group? I tried creating a custom search for this but could not figure it out.

I did notice that permission did not cascade also.

Wow, I hope that I did not ramble too much...  :)

Thanks for the help

ctarascio

  • I post frequently
  • ***
  • Posts: 334
  • Karma: 30
    • American Friends Service Committee
  • CiviCRM version: 4.1.3
  • CMS version: Drupal 6.26
  • MySQL version: 5.5.20
  • PHP version: 5.3.13
Re: Limiting the contacts that an user can see
April 22, 2010, 10:42:54 am
I have just started playing around with ACL's so I am by no means an expert, but I think you are right: all contacts must be in a group.

If you want to find contacts Not in a group, go to custom searches and in the "Exclude Groups" section, add all of your groups. This will show you everyone who is not part of a group.

Wish I could be more helpful but I think you are on the right track.

Cynthia

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Re: Limiting the contacts that an user can see
April 22, 2010, 10:52:08 am
I don't seem to have an 'Exclude Groups' section under Custom Searches. Any thoughts?

leupi

  • I post frequently
  • ***
  • Posts: 192
  • Karma: 2
Re: Limiting the contacts that an user can see
April 22, 2010, 10:52:59 am
Nevee mind, I found it...
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Limiting the contacts that an user can see

This forum was archived on 2017-11-26.