Skip to end of metadata
Comment: Migrated to Confluence 4.0
Go to start of metadata

Use Case 

Lets take a look at the US Political System. (and i think this is similar to PIRG / NZ GP / Canadian GP)

  1. There is the National Purple Party. National has organized its core contacts into a few groups. Some of these contacts have been added at a National level while the rest have been added at a State/Local level (i.e. magically appeared in the DB).
  2. There are 50 State Chapters that are part of the National Party.
  3. Each State Chapter has further city and/or county chapters that feed into it. A State like California might potentially have 100 sub-orgs, while Wyoming might have less than 10 sub-orgs.
  4. All the above orgs have "staff contacts" linked to the organization via relationships
  5. For simplicity sake we will consider the following permissions only. We assume that a sub-org will never need permission for the parent org.
  • Edit Contacts
  • View Contacts
  • Edit Contacts of Descendant Orgs
  • View Contacts of Descendant Orgs

There are two potential ways of tackling this issue in CiviCRM currently:

Domain ID Method

Use the domain_id concept that is already built in. Each sub-org gets its own little silo of data and can adjust permissions as needed there for local admins. We then need to introduce the concept of a "multi-domain" civicrm setting, where the parent org can also view/edit contacts from its sub-orgs (i.e. from other silos). This change will require code changes in only a few key areas and is potentially simpler. Contacts are now always associated with a Domain ID. Thus a Contact ID by itself is meaningless. The main drawback of this scheme is that the same contact cannot belong to multiple domains.

ACL Permissioning

For an introduction and basic understanding of ACL's please read this blog post. You might also want to read our ACL wiki pages

The second approach is to extend ACLs to make them more generic and follow the multi org model. We keep the same key concepts as present in CiviCRM. We have organizations and groups.

We introduce the concept of ancestor for an organization. An organization can have one or more ancestors. We create a join table with two keys

We introduce the concept of ownership for a group. A group can have one or more organizations

 We can make the assumption that all public groups of a sub-organizations are inherited by the ancestor organizations.

We also introduce the notion of permission(s) to a relationship type. Thus, we can give the permission "Edit Contacts in Organization" and "Edit Contacts of Descendant Orgs" to the relationship type "Executive Officer".

How does this fit in with ACL's?

 ACL's in the simplest form basically give one or more contacts the power to execute a specific operation. So given a user, we need to find the permissions this user has. Since this is a common function, we need to make this relatively fast and avoid too many db queries etc. We could do a fair amount of caching here at some stage. In our current implementation, answering this questions is fairly easy and is done as follows:

  1. What ACL group's does this user belong to
  2. What is the collective permission of these ACL groups
  3. Does the user have the permission in the above set to perform the operation (or for a search, the additional restrictive sql clause)

Note that we can cache the results from step 1 and 2 for each user and so this can be done only once and is relatively fast. The main drawback of the above scheme is its quite ACL intensive. i.e. you need a lot of ACLs to cover the national -> state -> local chapter above

In the new scenario in addition to the above, we will have to perform the following steps:

  1. Get the permissions the user has via the relationship permissioning scheme above
  2. For each of the orgs that he has permission on, get the groups and the sub-groups (depending on the permission)
  3. Add these permissions to the set of permissions above

Note that we can also cache these for users and perform the above just once. This allows us to generalize permissions quite nicely and makes it easier to control who has permissioning based on the relationship in a very generalized manner

How does this fit in with smart groups?

To avoid smart group bloat, we would need to implement tokenized smart groups. Thus instead of creating 50 smart groups for each state, we create one "tokenized" smart group and send in the "State" value whenever we need to use it. Thus we'd create a tokenized smart group for state / county / province / city / electoral district etc. This also means we'll need to have a protocol of sending in the "token" values for each instance of the group.

This simplifies the model a fair amount, but i suspect might make implementation a bit more difficult. But something worth thinking about

How does SalesForce handle this

Here are some links for the relevant SalesForce documentation. Definitely worth a read

Labels
  • None

7 Comments

Hide/Show Comments

  1. Aug 06, 2007

    Neil Adair

    I like the tokenized smart groups idea. Groups can get out of hand quickly! We essentially do this for electoral districts with Rob Thorne's postal code lookup.

     Using relationships for permissions and access control will require at least one new permission "edit relationships". I can't think of a case where we would want to have a "view" permission but others might.

     Neil

  2. Aug 07, 2007

    Daragh O Brien

    The organisation I work in has 3 different categories of sub-group, Industry-based, Area Of Interest-based and Geographic (logically they are only 2 - virtual and geographic) all as children of the Parent. A member can be a member of one or more of these groups and can have different roles in relation to these groups.

    Each group may in turn have zero, one or more partner organisations (for example our Irish Geographic group partners with an existing Irish Computer industry group) and this has proven to be a successful model.

    We would require centralised management of our membership CRM but, due to data protection/data privacy concerns, we would need to be able to segregate 'prospects' so they would only be visible in the child group, but a report on number of prospects (and conversion rate) might be required at the parent level.

    Also - have you considered integration with Organic Groups? We haven't gone live yet with our site but we were interested in integrating CiviCRM and OG functionality as we want to encourage members to establish satellite groups and to make that as easy as possible - OG gives us the drupal CMS side of the equation but currently we're looking at having to use Smart Groups based on Industry, country etc. to get the CRM side working. The connector for OG and CiviCRM seems to have fallen off the map recently.

    1. Aug 07, 2007

      Donald A. Lobo

      Daragh:

      You might want to consider funding either CivicSpace Labs or Rob Thorne to update the og/civicrm integration modules. In general we prefer that the community contribute the integration modules while we focus on the core work

      lobo

  3. Aug 10, 2007

    Wes Morgan

    Instead of introducing the concept of parents to organizations, couldn't you just "piggy-back" on the new nested groups implementation? Since organizations in a multi-org setup (internal organizations vs. external organization contacts) are represented by a group paired w/ an organization contact "owner," you could represent the hierarchical relationships via the group nesting feature instead of essentially duplicating it for organization contacts.

     Wes

    1. Aug 13, 2007

      Donald A. Lobo

      Wes:

      That is a possibility, but that is more an implementation decision. I think we would want to cover the following cases:

      1. An org having multiple groups associated with it

      2. Being able to nest groups that are not connected to an organization. This is important even in a single org case.

  4. Aug 13, 2007

    Wes Morgan

    dlobo: On the ACLs explained blog entry, you list some future additions that you want to make to the ACL system. It sounds like all of those will be pretty helpful for this multi-org implementation. What's the status of the trunk code w/ regards to ACLs? Have things progressed from when this blog entry was written?

    1. Aug 13, 2007

      Donald A. Lobo

      Wes:

      Things have not progressed a lot with ACL's from the blog. Most of our userbase does not seem to be doing complex permissioning, hence not a lot of movement there.

      I suspect we will revisit it and improve that model in either 2.0 or 2.1 based on how our database schema changes are coming along and the ramifications of that etc


Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.