CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • How to protect profile forms with permissions?
Pages: [1]

Author Topic: How to protect profile forms with permissions?  (Read 1234 times)

curufinwe

  • Guest
How to protect profile forms with permissions?
June 19, 2007, 05:53:25 pm
Hi,

We are using profiles to create quick data entry forms for our logged in users.  However, anonymous users can access these profile forms and can submit new contacts using them.  They do get an access denied error once the contact has been submitted and they are redirected to view that record, but the record does exist.

  • We have "profile listings and forms" unchecked for anonymous users in the drupal permissions.
  • All custom data fields in the profile have "User and Admin only" visibility.
  • CiviCRM 1.7 -- 9464
  • We are talking about access through the direct links such as: http://demo.civicrm.org/drupal/civicrm/profile/create?&gid=9&reset=1

The demo exhibits the same behavior, but I assume you have "profile listings and forms" checked for anon users -- we don't have access to drupal admin screens in the demo to verify this. 

Is there a way to limit access to a profile to logged in users?

Thanks for all of your great work on this product!

Ryan
Quixote Center
« Last Edit: June 19, 2007, 05:57:47 pm by curufinwe »

Jason W

  • I post frequently
  • ***
  • Posts: 197
  • Karma: 12
  • jason@civitrainingtutorials.com
  • CiviCRM version: 4.2
  • CMS version: Drupal 7
  • MySQL version: 5.x
  • PHP version: 5.x.x
Re: How to protect profile forms with permissions?
September 25, 2012, 09:02:01 am
Hello Ryan,

You can restrict access to profiles using ACLs. Here is an example:

1. In CiviCRM, go to Search--> Find Contacts. Search for all contacts that are Individuals. Select all contacts and create a new smart group called Authenticated.

2. go to Administer--> Users and Permissions, Then to Manage roles. Add a role and call it Authenticated users.

3. Return to Administer--> Users and Permissions and choose Assign Users to CiviCRM ACL Roles. Add a Role Assignment, selecting the newly created Authenticated users role and assigning it to the Authenticated group.

4. From Administer--> Users and Permissions, Select Manage ACLs. Add an ACL described as Profile restriction. Select Authenticated users as the role, All as the Operation, A profile as the type of data, and your profile from the appropriate dropdown menu. select enabled and save.

This should fix your problem.
Cheers,
Jason
civiTrainingTutorials
"Helping You Help Others"

Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • How to protect profile forms with permissions?

This forum was archived on 2017-11-26.