CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • ACLs for a complex and large multi-level organisation
Pages: [1]

Author Topic: ACLs for a complex and large multi-level organisation  (Read 347 times)

Upperholme

  • Administrator
  • Ask me questions
  • *****
  • Posts: 568
  • Karma: 8
    • MC3
  • CiviCRM version: 4.x
  • CMS version: Drupal 6.x/7.x, Wordpress, Joomla
ACLs for a complex and large multi-level organisation
December 12, 2014, 03:08:24 am
Reading the documentation it appears that the existing ACL system could work for much of the requirement for a complex multi-level organisation that I'm working with currently. However I feel that the complexity of the organisation (over 500 local units, and six or seven levels of regional/national organisation, plus a number of cross cutting groups and sections) would quickly lead to an unwieldy situation that would be difficult to manage.

I came across the - unfortunately incomplete - wiki page at http://wiki.civicrm.org/confluence/display/CRMDOC/Multi-level+Organization+ACL+Permissions which describes very closely the sort of scenario that I'm looking to manage, and indicates that there is a solution, but doesn't go as far as providing the detail of that solution. Assuming that I'm not the first (and I've located a couple of fairly old forum threads that evidence that) I'm wondering what the current state of the art is on this issue.

Is there custom code available, or that might be made available that we could maybe tweak to fit our use case? Anyone got a functional extension that might help on this issue? Or any advice about the best practice approach?

Thanks for any feedback.


Graham Mitchell
http://mc3.coop

jaapjansma

  • I post frequently
  • ***
  • Posts: 247
  • Karma: 9
    • CiviCoop
  • CiviCRM version: 4.4.2
  • CMS version: Drupal 7
  • MySQL version: 5
  • PHP version: 5.4
Re: ACLs for a complex and large multi-level organisation
December 13, 2014, 11:27:30 am
What I have done recently for an organisation which has members of local branches. And managers of local branches should access those contacts and managers of regions should have access to all contacts which belong to all local branches under the region they are manager of. The same goes for provinces and the managers of the national office.

My solution consisted of the following:
- Contact (types) for local branches, regions, provinces
- Custom field on contacts in which I indicate to which branch, region and province this contact belong (this custom field is populated automaticly from the address but could be overriden manually)
- Custom field set on Individuals determining to which parts they have access. This is a mutiple field with contact references to local branches, regions and provinces. This field determines the access
- Custom code to implement the hook_civicrm_alcWhere based on the custom fields above

Jaap
Developer at Edeveloper / CiviCoop

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: ACLs for a complex and large multi-level organisation
December 13, 2014, 02:13:47 pm
purely in my efforts to be consistent, since i feel i am seeing parallel discussions in a number of threads - here is another approach (though I don't know how well it scales to Graeme's situation but would be worth ruling in/out

Quote
Another approach Fuzion have worked on and 'like' is based around cascading permissioned relationships.

So if Person A is 'officer' for Branch A, then sees contacts with relationship to Branch A

If Person B is 'officer' for Region A, and if Region A has permission over Branches A1, A2, etc, then Person B has access to all contacts at level A

And up it goes ....
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

Upperholme

  • Administrator
  • Ask me questions
  • *****
  • Posts: 568
  • Karma: 8
    • MC3
  • CiviCRM version: 4.x
  • CMS version: Drupal 6.x/7.x, Wordpress, Joomla
Re: ACLs for a complex and large multi-level organisation
December 15, 2014, 07:53:12 am
Thanks guys.

Pete - yours strikes me as a particularly elegant approach. I'll do some work based on that to see where it gets me. What was that other thread you referred to? (might be useful).
Graham Mitchell
http://mc3.coop

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: ACLs for a complex and large multi-level organisation
December 15, 2014, 11:20:13 am
1.2 branch from here https://civicrm.org/extensions/relationship-permissions-acls
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • ACLs for a complex and large multi-level organisation

This forum was archived on 2017-11-26.