CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017.

Author Topic: ACL and Group security issue confirmation and PR orientation  (Read 979 times)

danielmart

ACL and Group security issue confirmation and PR orientation
February 03, 2017, 02:02:07 am
Hello,

I would like to confirm these statements regarding permissions, ACL and groups (WordPress 4.7.1, CiviCRM 4.7.15):

1- Permission to edit contacts (ACL or general) allows a user to assign contacts to ANY group
2- As 1 is true, a user can add himself to another group and thus obtain its ACL-related permissions

This is a serious issue for us as it hinders the flexible security management ACL provides. I would like to evaluate the viability of a feature to solve this problem. I see two approaches:

1- A general permission (not ACL-related; in WordPress, related to the WordPress user role) which would control assignment to control access groups (this will be enough for our organization)
2- As 1, combined with ACL permissions (e.g. denied general permission but allowed assignment to certain control access groups through ACL)

I would be able to work on either of these approaches (1 in a first phase, then 2), but I am not yet very familiar with the CiviCRM code structure. Can you point out the possible problems and difficulties of implementing these features? Is there any related issue in Jira?

Thank you
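
The escalation path and the two proposed gates from the post above, as an added example that is not part of the original thread and is not CiviCRM code: a constructed Python toy model in which every name (the permission string, the groups, the user "dana", the policy labels) is hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical permission name for the post's approach 1 (not a CiviCRM identifier).
ASSIGN_ACL_GROUPS = "assign contacts to access control groups"

@dataclass
class Group:
    name: str
    is_access_control: bool = False
    grants: frozenset = frozenset()            # permissions the group's ACL confers
    members: set = field(default_factory=set)

@dataclass
class User:
    name: str
    role_perms: frozenset = frozenset()        # general (CMS role) permissions
    acl_assignable: frozenset = frozenset()    # approach 2: groups delegated via ACL

def effective_perms(user, groups):
    perms = set(user.role_perms)
    for g in groups:
        if user.name in g.members:
            perms |= g.grants
    return perms

def may_assign(user, group, groups, policy):
    if "edit contacts" not in effective_perms(user, groups):
        return False
    if policy == "as_described" or not group.is_access_control:
        return True                            # no extra gate on this group
    if ASSIGN_ACL_GROUPS in user.role_perms:   # approach 1: checked on the role only,
        return True                            # so group membership cannot confer it
    return policy == "approach2" and group.name in user.acl_assignable

def add_to_group(actor, contact, group, groups, policy):
    if not may_assign(actor, group, groups, policy):
        raise PermissionError(f"{actor.name} may not assign to {group.name}")
    group.members.add(contact)

def scenario(policy, role_perms=frozenset(), acl_assignable=frozenset()):
    """dana (an editor) tries to add herself to 'admins'; return her resulting permissions."""
    editors = Group("editors", True, frozenset({"edit contacts"}), {"dana"})
    admins = Group("admins", True, frozenset({"edit contacts", "delete contacts"}))
    newsletter = Group("newsletter")
    groups = [editors, admins, newsletter]
    dana = User("dana", role_perms, acl_assignable)
    add_to_group(dana, "dana", newsletter, groups, policy)  # ordinary group: always allowed
    try:
        add_to_group(dana, "dana", admins, groups, policy)
    except PermissionError:
        pass                                   # self-assignment to the ACL group refused
    return effective_perms(dana, groups)
```
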

petednz

Re: ACL and Group security issue confirmation and PR orientation
February 07, 2017, 09:19:42 pm
hey daniel - recommend you head over to StackExchange - forum is mostly archive now.
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate


This forum was archived on 2017-11-26.