CiviCRM Community Forums (archive)

We're working on merging data from two AFSC programs as a major part of our shared database project. At this stage in our planning it is crucial to use Access Control to limit access to users to their respective program areas (admins would have access to all data).

Each of the users is set up with limited access  to only view and edit their group in CiviCRM Access control, in the Drupal permissions, only Access CiviCRM and Import Contacts  is checked.  If Import Contacts is not checked I have no way to access it.

In some instances data imported to the database under one program area may be a duplicate of an existing record. If that is the case, when importing with the settings I mentioned I get the following results:
If an imported  record is in a group I don't have access to it is skipped as a duplicate if skip is selected from the import screen.
If an imported record is in a group I don't have access to and update is check, it will update the record, but I still don't have access to it.
If an imported record is in a group I don't have access to and I check fill, it will fill the missing information in and I will still not have access to it (it will not be added to my group).
If I check don't check for duplicates then obviously a duplicate is created.

Does this sound like the proper Access Control behavior? 

Ideally for us, duplicates would be created OR, users from both groups would have access to the record, but neither could delete it completely as long as it was a member of the other group.

Has anyone else used access control for something like this and can you tell me anything about the configuration I may be overlooking?

Any feedback returned would be appreciated.