CiviCRM Community Forums (archive)

Hello,

On a recently upgraded (1.9 to 2.0.4) CiviCRM install I administer, users without the "Edit Groups" Drupal permission[1] cannot see the "Settings", "Disable", and "Delete" button, implying that the lack of  "Edit Groups" permission is being obeyed, but those users can alter the search criteria for a Smart Group by going to Manage Groups->Members->Edit Smart Group Criteria, then making changes and updating the smart group. The main user of the site assures me that this was not the case in CiviCRM 1.9, but I currently unable to try to verify that this is the case. Aside from disabling some Drupal modules installed at the initial install but never used, I know of no changes to the Drupal or Civi setups beside the upgrades.

The documentation on the "Edit Groups" Drupal permission[2] makes no mention of Smart Groups. Is the "Edit Groups" permission supposed to control access to editing the Smart Group search criteria? Has it ever controlled access to the search criteria? Is it possible that this used to be the case for 1.9 and is not the case for 2.0?

I suppose the fundamental question is: Is there a mechanism for restricting edit access to the Smart Group search criteria?

Thanks,
-G

[1] Specifically, the Drupal role that the users belong to has the following permissions: access CiviCRM,  access Contact Dashboard, access all custom data, add contacts, edit all contacts, profile listings and forms, and view all contacts.

[2] http://wiki.civicrm.org/confluence/display/CRMDOC/Default+Permissions+and+Roles

Thanks!

Best,
-G