civicrm_acl
| Column | Type | Description | Restriction |
|---|---|---|---|
| deny | boolean | Does this ACL entry grant (0) or restrict (1) access? | Only implement grant |
| operation | enum VIEW, EDIT, CREATE, DELETE, GRANT, REVOKE | What type of operation does this ACL entry govern? | Only implement VIEW/EDIT |
| entity_table | string | The table of the object(s) possessing this ACL entry. Possible values are Contact, Group, ACL Group, and Domain. | Only implement Contact, ACL Group |
| entity_id | int unsigned | The ID of the object possessing this ACL entry. | |
| object_table | string | The table being governed by this ACL entry | implement civicrm_contact, civicrm_group, civicrm_admin, civicrm_saved_search |
| object_id | int unsigned | The ID of the object being governed. If NULL, the ACL entry refers to all objects within | |
| acl_table | string | For GRANT/REVOKE operations, this field determines if it refers to a single ACL entry, or an entire ACL Group. | skip |
| acl_id | int unsigned | ID of the ACL or ACL group being GRANTED/REVOKED. | skip |

civicrm_acl_group
| Column | Type | Description |
|---|---|---|
| domain_id | int unsigned | Foreign Key to |
| is_active | boolean | Is this ACL Group active? |
| title | string | The name of this ACL Group |

civicrm_acl_group_join
| Column | Type | Description | Restrictions |
|---|---|---|---|
| acl_group_id | int unsigned | Foreign Key to | |
| entity_table | string | Which table we're joining to (Contact, Group or Domain). | Only implement Group |
| entity_id | int unsigned | ID of the object being joined. | |

Example ACL Definitions
- Let's create 3 ACL groups for now: Admin (1), Readers (2), All (3)
- Let's create 3 CiviCRM groups for now, corresponding to the above: Admin (1), Readers (2), All (3)
- Let's create 3 ACL group joins that tie the two sets above together: Admin, Readers, All
Here are the ACLs to replace the current permissions:
- View All Contacts ( 0, VIEW, ACL Group, 1, civicrm_contact, null, null, null );
- Edit All Contacts ( 0, EDIT, ACL Group, 1, civicrm_contact, null, null, null );
- Manage All Groups ( 0, EDIT, ACL Group, 1, civicrm_group , null, null, null );
- Administer CiviCRM ( 0, VIEW, ACL Group, 1, civicrm_admin , null, null, null );
- ( .. and all the other static drupal permissions here .. )
Data partitioning
We have 3000 contacts and 20 readers (ids: R1..R20), and we want to give each reader 150 of these contacts.
Let's create 20 groups, GRC1 ... GRC20, each having 150 contacts.
Each reader gets the following ACLs (shown here for R1):
( 0, VIEW, Contact, R1, civicrm_saved_search, GRC1, null, null );
( 0, EDIT, Contact, R1, civicrm_saved_search, GRC1, null, null );
Function calls
Except for contact-related permissions, which return a query, the permissions are boolean. Also, for now the requesting object is always a contact.
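The restricted subset described on this page (grant-only, VIEW/EDIT, Contact and ACL Group entities, Group joins), resolved against an in-memory SQLite database. This is an added example, not CiviCRM's code or part of the original page. The group_contact membership table, the function names and all ids are assumptions.

```python
import sqlite3

# Constructed data; group_contact and all ids are assumed (1 = admin, 101/102 = R1/R2, 11/12 = GRC1/GRC2).
SETUP = """
CREATE TABLE civicrm_contact (id); CREATE TABLE group_contact (group_id, contact_id);
CREATE TABLE civicrm_acl_group_join (acl_group_id, entity_table, entity_id);
CREATE TABLE civicrm_acl (deny, operation, entity_table, entity_id, object_table, object_id);
INSERT INTO civicrm_contact VALUES (1),(101),(102),(201),(202),(203);
INSERT INTO group_contact VALUES (1,1),(11,201),(11,202),(12,203);
INSERT INTO civicrm_acl_group_join VALUES (1,'Group',1);
INSERT INTO civicrm_acl VALUES
 (0,'VIEW','ACL Group',1,'civicrm_contact',NULL), (0,'VIEW','ACL Group',1,'civicrm_admin',NULL),
 (0,'VIEW','Contact',101,'civicrm_saved_search',11), (0,'VIEW','Contact',102,'civicrm_saved_search',12);
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP)
    return db

def grants(db, contact_id, op):
    """Grant rows held directly or via an ACL Group joined to a Group the contact is in."""
    return db.execute("""
        SELECT object_table, object_id FROM civicrm_acl
        WHERE deny = 0 AND operation = ? AND (
          (entity_table = 'Contact' AND entity_id = ?) OR
          (entity_table = 'ACL Group' AND entity_id IN (
             SELECT j.acl_group_id FROM civicrm_acl_group_join j, group_contact m
             WHERE j.entity_table = 'Group' AND j.entity_id = m.group_id AND m.contact_id = ?)))""",
        (op, contact_id, contact_id)).fetchall()

def check(db, contact_id, op, object_table):
    """Boolean permission: needs a grant on the whole table (object_id NULL)."""
    return (object_table, None) in grants(db, contact_id, op)

def contact_clause(db, contact_id, op):
    """Contact permission: (WHERE fragment, params) for a query on civicrm_contact."""
    rows = grants(db, contact_id, op)
    if ("civicrm_contact", None) in rows:
        return "1=1", []
    groups = [oid for t, oid in rows if t == "civicrm_saved_search" and oid is not None]
    if not groups:
        return "1=0", []  # no grant means no rows
    marks = ",".join("?" * len(groups))
    return f"id IN (SELECT contact_id FROM group_contact WHERE group_id IN ({marks}))", groups

def visible_contacts(db, contact_id, op="VIEW"):
    where, params = contact_clause(db, contact_id, op)
    return [r[0] for r in db.execute(f"SELECT id FROM civicrm_contact WHERE {where} ORDER BY id", params)]
```

The WHERE fragment is assembled only from fixed strings and placeholders, with group ids passed as bound parameters, and a contact with no matching grant gets `1=0` rather than an unfiltered query.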
