CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: ACL's View and Edit Problems  (Read 1690 times)

svh

ACL's View and Edit Problems
July 20, 2009, 04:44:47 am
I am switching our web site from a custom written site with basic membership management to Drupal with CiviCRM.

I am having a problem controlling access to the CiviCRM screens.

I have tried allowing access so that a particular role can only view contacts, but when I grant view access those users are able to edit records as well (including adding themselves or others to the Administrator group). I have tried separately allowing access via Drupal permissions and via CiviCRM Access control but I have exactly the same problem using both methods. I am probably making a dumb newbie mistake but can't find it.

Also, I can't find in the documentation anything about the "order" column in the CiviCRM manage roles screen.  I have tried moving things around to see if perhaps there was some order of rule evaluation type problem but it didn't seem to make a difference.

Thanks and regards
Steven

Dave Greenberg

Re: ACL's View and Edit Problems
July 20, 2009, 10:42:26 am
If all you want to do is prevent editing for some folks, just using Drupal permissions, and skipping ACL's should do the trick. I just did a quick re-test in 2.2.7 with a user role that had "access CiviCRM" and "view all contacts" permissions (in Drupal permissions) - and the user was NOT able to edit the contact records. If you are seeing a different behavior - would be good to describe exact setup and the URL(s) the user is accessing to edit a contact record.

However, if you need more granular access (user A can only view this subset of contact records, etc.) - then you need to use ACL's and you need to NOT enable the "view all contacts" Drupal permission (since that overrides ACLs and as you noticed would allow a user to add themselves to any group including Admin groups).

HTH


This forum was archived on 2017-11-26.