CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • Using ACL to limit what information about a contact a user can see
Pages: [1]

Author Topic: Using ACL to limit what information about a contact a user can see  (Read 2448 times)

perka

  • Guest
Using ACL to limit what information about a contact a user can see
April 29, 2008, 03:54:14 pm
I am using ACLs to be able to give limited read access to certain users.

I have set up a role "Role A"
Who have access to see contacts from "Group A"

So far everything is fine, but then I want to limit what information from these contacts that users with "role A" can see.

I tried creating a profile "Profile A" with the fields I want "Role A" to see.
Then I created a rule saying that "Role A" should see "Profile A" but Role A still sees all data from group A.

Am I going about this the wrong way? Or am I just missing something?

[Edit]
Seems I was wrong, that is not how profiles are used. Looking into it some more and will get back as soon as I find a solution.
« Last Edit: April 29, 2008, 04:43:13 pm by perka »

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Using ACL to limit what information about a contact a user can see
April 29, 2008, 10:19:28 pm
Keen to hear how you approach this. We have a similar requirement. I had presumed Profiles would provide the necessary constraints in terms of having used ACLs to limit my 'managers' to a geographic subset, I could then limit the custom data they would find via profiles
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

perka

  • Guest
Re: Using ACL to limit what information about a contact a user can see
April 30, 2008, 12:21:49 am
As to the custom data I belive you are correct. It is the standard data that I don't think I cant limit with profiles.

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 03:07:00 am
Quote
Then I created a rule saying that "Role A" should see "Profile A" but Role A still sees all data from group A.

Not sure what you mean by "all data from group A"? A Profile is a set of pointers to a specific collection of fields - so it will only expose the data in those fields.
Protect your investment in CiviCRM by  becoming a Member!

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 03:21:34 am
As I understand
Dataset A are a subset of custom data
Group A are a subset of contacts
Users A have particular mgmt roles
Role A is the Role Users A need to have under ACL to 'see' the contacts

So Users A are restricted by Role A to see only Group A

Now he wants to also restrict Users A to only seeing Dataset A of Group A.

It is something I am also grappling with - well should be, but you know, hoping the answer will pop out of the woodwork.

I have set up ACL to divide our party in to regions. And have a group of managers for each region. Now I am being asked to make some 'second class' managers who are both restricted to the contacts in their region, but also only have access to some of the custom data. Will profiles do this for me?
« Last Edit: May 01, 2008, 03:48:00 am by peterd »
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

perka

  • Guest
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 03:41:58 am
Exactly. The scenario I am aming for is:

User A, a local admin should have access to certain information about all contacts(members) in his/her area and be able to send mail to them.

So I created an ACL rule in order to give User A access to the contacts in Group A (all the conacts from that area).  I don't think I can use a profile to achieve this as I need the user to be able to use the "send email" action on those contacts.

When clicking on a certain contact from the list the contact should appear but only showing the data I specifically allowed user A to see.

From what I understand, I can achieve everything except access to the actions using profiles. Please tell me I am wrong :)

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 12:45:11 pm
If User A needs to use the "actions" drop-down (Send Email to Contacts etc.) - then you can't limit their access to CiviCRM to only Profile-based screens.

(Although if that's the only action they need - you might be able to customize the Profile View template to add a link to that action's URL ??)

However, you can create ACLs which provide access to specific Custom Data Groups (i.e. set of custom fields) for roles. Then if you disable "access all custom data" from the Drupal permissions - I think this might achieve what you need. Note that there may be some "gotchas" in this approach - and you'll need to segment out any custom data groups that might need to accessible to "everyone" (i.e. for input on a public-facing page - if you do online contributions etc.).
Protect your investment in CiviCRM by  becoming a Member!

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 02:08:05 pm
Dave - in Edit ACL page I see I have the option to set the Type of Data to either
A group of contacts
A profile
A set of custom data fields
Events

I can't use it to cover both 'group of contacts' and 'custom data fields'

So do i set up a separate ACL for the latter, but for the same 'managers', and these will then apply together to achieve desired outcome? And do I only have to set up one ACL for custom data for that to apply across all the managers for the different parts of the country?
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 03:28:19 pm
Perka - we have been 'warned' from using the 'email contacts' for anything more than relatively small jobs. Just in case you hadn't picked that up. CiviMail for larger jobs so that opt-out etc can be utilised.
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 11:12:30 pm
Quote from: peterd on May 01, 2008, 02:08:05 pm
So do i set up a separate ACL for the latter, but for the same 'managers', and these will then apply together to achieve desired outcome? And do I only have to set up one ACL for custom data for that to apply across all the managers for the different parts of the country?

Yes, you need separate ACLs to cover the various types of permissioning - and then you assign multiple ACLs to a given Role. Not sure I'm completely clear on the second part of your question - but I think your intent is to cover all managers with one "custom data limiting" ACL and then have separate ACLs for the group segmentation. If so, assuming you have the ACL -> Role linkages setup properly, I think this should work. Caveat - you may be pushing ACLs further than others have so far, so you may uncover some issues (which I'm sure you'll analyse and report to us in clear details :-) ).
Protect your investment in CiviCRM by  becoming a Member!

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Using ACL to limit what information about a contact a user can see
May 01, 2008, 11:33:19 pm
oh such flattery - glad to know there are still limits to push  ;)
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • Using ACL to limit what information about a contact a user can see

This forum was archived on 2017-11-26.