This documentation refers to CiviCRM 4.4 which is the latest stable release.
Skip to end of metadata
Go to start of metadata
Default Permissions and Roles
|Notes on Specific Permissions|
- Make online contributions:
If you plan to use CiviContribute and want to allow online contributions, enable this permission. Be sure to assign this permission for the "anonymous" role if you want to allow un-authenticated visitors to make contributions.
- View event info and Register for events:
If you plan to use CiviEvent and want to allow online event registration, enable these permissions. Be sure to assign permissions for the "anonymous" role if you want to allow un-authenticated visitors to view and register for events.
- Profile listings and forms:
If you want to either collect contact information from constituents and/or expose a searchable directory using a profile, you must assign this permission. Be sure to assign this permission for the "anonymous" role if you want to collect contact information from un-authenticated visitors as part of your online contribution pages or during event registration.
- Access all custom data:
You must enable this permission for any role which you want to view or edit custom data fields. EXAMPLE: If your site uses Profile(s) which include custom fields, make sure the role(s) that need to access these Profiles have this permission. Be sure to assign this permission for the "anonymous" user role if you want to collect information using custom profiles with custom fields.
- Access uploaded files:
Enable this permission for any role which you want to view images, photos and files attached to CiviCRM records and screens. Be sure to assign this permission for the "anonymous" role if you want visitors to see photos attached to contact records, Personal Campaign Pages, etc. and / or other documents intended for public consumption.
- Access Contact Dashboard:
You can provide authenticated users with access to a screen where they can review their subscribed groups, contributions, memberships and event registrations (as applicable). Enable this permission for role(s) for which you want to provide this feature. Do not enable this for the "anonymous" role.
Regardless of permissions assigned, the Anonymous role (visitors who are NOT logged in) is not permitted access to the "back-office" functions of CiviCRM. This includes the CiviCRM Home Page dashboard and any of the functions accessed via the standard CiviCRM menus (Find Contacts, Manage Groups, Import, Administer CiviCRM) as well as the built-in Shortcuts block.
CiviCRM includes these access control options out of the box:
Roles with this permission can...
Access one or more items in the CiviCRM main menu
Create cases and view all cases
Record backend contributions (with edit contributions) and view all contributions (for visible contacts)
Create events, view all events, and view participant records (for visible contacts)
Create grants (with edit grants) and view all grants
Create and view all mailings
access CiviMail subscribe/unsubscribe pages
Subscribe/unsubscribe from mailing list groups
Record backend memberships (with edit memberships) and view all memberships (for visible contacts)
Record backend pledges (with edit pledges) and view all pledges (for visible contacts)
View report instances
access Contact Dashboard
View Contact Dashboard (for themselves and visible contacts)
access Report Criteria
Allow user to Change Report search Criteria
access all custom data
View / Edit all custom data fields and groups
access uploaded files
View / Download files including images and photos
Create a new contact record in CiviCRM
Perform all tasks in the Administer CiviCRM control panel and Import Contacts
|skip IDS check||v4.4 and later. IDS system is bypassed for users with this permission. Prevents false errors for admin users.|
administer Multiple Organizations
Allow user to add organization to Group
Manage CiviReport Templates
delete in CiviCase
delete in CiviContribute
delete in CiviEvent
delete in CiviGrant
delete in CiviMail
delete in CiviMember
delete in CiviPledge
edit all contacts
View, Edit and Delete ANY CONTACT in the CiviCRM database;
Create and Edit relationships, Tags and other info about the contacts
New / Update Contribution
edit event participants
New / Update Participants
New / Update Grant
Create New groups, Edit group settings (e.g. group name, visibility...), delete groups
New / Update Membership
New / Update Pledges
Import Contact / Activity
make online contributions
Allow user to Online Contribution / Donation
profile listings and forms
Access the Profile Search form and Listings
register for events
Allow event registration
Allow User to Enable Multilingual
view all activities
View All Activities
view all contacts
View ANY CONTACT in the CiviCRM database (no editing allowed), export
contact info and perform activities such as Send Email, Log Phone Call, etc.
view event info
Allows users to view event information pages
view event participants
Allow user to View all participant of Event
In the context of component access (e.g. "access CiviContribute"), the term "visible contacts" means that a user can only view records relating to contacts they have the permission to view. A user with "access CiviMember" may have "view all contacts" and therefore be able to view all memberships. On the other hand, if she doesn't have that permission, she might have CiviCRM ACLs granting the ability to view some or all contacts, and then she'd be able to view all memberships. Another user might have "access CiviMember" but neither "view all contacts" nor any ACLs granting him access to view any contacts. In this case, he would not be able to view any memberships.
|User Access to Profile Listings|
Users / roles can be granted access to CiviCRM Profile Listings so that they can share selected information WITHOUT granting access CiviCRM permission (i.e. without allowing them to access the CiviCRM menus). This is a reasonable configuration choice the authenticated user role. If you want anonymous site visitors to view/search Profile Listings, the you would grant this access to the anonymous user role. Please consider using "Limit listings to group" in your profile settings to limit the contacts that are exposed via profile listings.