CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • Securing Contribution Data from non-permissioned users
Pages: [1]

Author Topic: Securing Contribution Data from non-permissioned users  (Read 402 times)

jake.mw

  • I’m new here
  • *
  • Posts: 6
  • Karma: 0
    • PeaceWorks Technology Solutions
Securing Contribution Data from non-permissioned users
March 06, 2015, 07:49:56 pm
I have encountered several organizations who want to hide sensitive financial information from the majority of their staff, exposing contributions to their fundraising departments only. They still want non-financial data on these contacts to remain visible to other staff  (volunteer profiles, events, notes, etc.), but the contribution data should be hidden.

As a helpful start, the permission 'access CiviContribute' turns off the 'Contribution' tab when viewing contacts. However, contribution data is still exposed to users who do not have this 'access CiviContribute' permission:

1. Activities of the 'Contribution' type get hidden from the 'Activities' tab on a contact record, but these Activities still get exposed in an Activity search and in Activity reports. See issue here: https://issues.civicrm.org/jira/browse/CRM-12675.

2. If users are granted the 'administer reports' permission, then they can access any CiviContribute reports. We need non-CiviContribute staff to be able to use the full power of CiviReport, including creating and saving reports not specific to fundraising, while *not* being granted access to the contribution data. I know you can set permissions on the report instance, but I need to disable access to the report templates too.

I have offered to file a patch for #1 in Jira. On #2 -- I'm wondering if it would be appropriate to deny permission to CiviContribute report templates for users who lack the 'access CiviContribute' permission. Does this sound like a reasonable thing to do, or is it too invasive? I'd be happy to file an issue and patch for the reports if this seems appropriate.

Erik Hommel

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1773
  • Karma: 59
    • EE-atWork
  • CiviCRM version: all sorts
  • CMS version: Drupal
  • MySQL version: Ubuntu's latest LTS version
  • PHP version: Ubuntu's latest LTS version
Re: Securing Contribution Data from non-permissioned users
March 07, 2015, 04:34:11 am
I think it would be better to be able to limit the access to the specific reports at the report level rather than on a field on a report? It sound more logical to not be able to see the Contribution report at all, or have a specific one without any amounts.
Consultant/project manager at EEatWork and CiviCooP (http://www.civicoop.org/)

lolas

  • I post frequently
  • ***
  • Posts: 134
  • Karma: 9
    • Freeform Solutions
  • CiviCRM version: Several
  • CMS version: Drupal
  • MySQL version: 5.1+
  • PHP version: Several
Re: Securing Contribution Data from non-permissioned users
March 07, 2015, 05:12:23 am
Another suggestion: It might be nice to define a new set of permissions: "Administer all reports", "Administer reports for Contacts", "Administer reports for CiviContribute" etc. These could limit access to the templates on a component level. "Administer all reports" would be equivalent to what we have now.
Freeform Solutions provides technology and management consulting, website and database development, and managed internet hosting solutions for not-for-profit organizations (NFPs).

sandeepmohanty

  • I’m new here
  • *
  • Posts: 14
  • Karma: 0
  • CiviCRM version: 4.5.3
  • CMS version: Drupal 7.32
  • MySQL version: 5.5.40
  • PHP version: 5.3.10
Send Alert message to user
March 18, 2015, 03:48:27 am
I am using civicrm in drupal for church management. I am facing one problem suppose one Member Filled the online membership form and when he will submit that webform.... He will get an Alert i.e. Your membership recived.  . Like that Suppose in contibution section How each church member will get SMS Alert ...individual contribution amount they contributed for church. Please Give me solution how to fix it ???
« Last Edit: March 18, 2015, 03:53:31 am by sandeepmohanty »

lolas

  • I post frequently
  • ***
  • Posts: 134
  • Karma: 9
    • Freeform Solutions
  • CiviCRM version: Several
  • CMS version: Drupal
  • MySQL version: 5.1+
  • PHP version: Several
Re: Send Alert message to user
March 18, 2015, 06:47:50 am
Quote from: sandeepmohanty on March 18, 2015, 03:48:27 am
I am using civicrm in drupal for church management. I am facing one problem suppose one Member Filled the online membership form and when he will submit that webform.... He will get an Alert i.e. Your membership recived.  . Like that Suppose in contibution section How each church member will get SMS Alert ...individual contribution amount they contributed for church. Please Give me solution how to fix it ???

This is a different issue than the original question. You should really start a new topic for your question.
Freeform Solutions provides technology and management consulting, website and database development, and managed internet hosting solutions for not-for-profit organizations (NFPs).
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • Securing Contribution Data from non-permissioned users

This forum was archived on 2017-11-26.