Configuring Drupal Access Control
 | Learn More About Drupal Access Control
If you are new to Drupal/CivicSpace, you should review 'Managing access control with permissions and user roles' in the Drupal Handbook prior to configuring CiviCRM-specific roles and permissions. |
Configure Drupal Permissions, Roles and Access Rules to manage which users can perform actions.
Go to ADMINISTER CIVICRM. 
Under the MANAGE Section, click on ACCESS CONTROL
Click on the >>Drupal Access Control link. You will be taken to the Drupal Access Control section.
Configure CiviCRM-Related Drupal Permissions
 | Access to CiviCRM modules, contacts, contribution pages, event pages, and profiles is controlled in Drupal. If you want to control access to groups of contacts, profiles, or custom data selectively (i.e. some users can access some but not all data), use CiviCRM's built-in ACLs.
For example, in Drupal you can decide whether to give anonymous users access to your online contribution pages so they can make online donations or to a profile so they could see a directory/profile listing. See more examples below. |
The Drupal Access Control screen lists available CiviCRM Permissions and the Roles that have that permission:
 | If a CiviCRM module (CiviContribute, CiviEvent, etc.) is turned on, you will see additional permission options listed that are specific to that module, such as edit contributions or event participants. |
Examples:
If there are staff members who you want to allow to view basic contact info, but not contribution info, you would check view all contacts and not access CiviContribute - then those staff members won't see the CiviContribute tab.
If you want to give them permission to view the contact and view the contributions, but not enter or edit contributions, do not check the edit contributions permission. Then they can see but not edit or create new contributions, and they won't see "add a new contribution" in the contact Contributions tab.
For "access all custom data" - if you are using custom data fields (and you don't want to use advanced permissions through ACL's), you would check this box to allow CiviCRM Users access to custom data fields. If you are using custom fields in a profile linked to User Registraiton - then you must check this box for the Anonymous role.
If you want to allow anonymous users of your website to download files, check "access uploaded files" to allow anyone who visits your site to download files you post on your site.
Based on your workflow (see PLAN), you will need to decide which group(s) are given which PERMISSION(S).
Example: Some organizations do not want to give Users permission to administer CiviCRM, so they would not put a check under the CiviCRM User column in the row labled "administer CiviCRM". Putting a check in this box would give CiviCRM Users PERMISSION to administer CiviCRM.
Links for Permissions, Roles and Access Rules are located in the Drupal Administer section.
For the latest information about configuring Drupal Roles in your version of Drupal, see the Drupal website: http://www.drupal.org
Configuring Drupal Roles
Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in permissions. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the role names of the various roles.
By default, Drupal comes with two user roles:
- Anonymous user: this role is used for users that don't have a user account or that are not authenticated.
- Authenticated user: this role is automatically granted to all logged in users.
Links for Permissions, Roles and Access Rules are located in the Drupal Administer section.
Configuring Drupal Access Rules
Links for Permissions, Roles and Access Rules are located in the Drupal Administer section.
For information about configuring Drupal Access Rules in your version of Drupal, see the Drupal website: http://drupal.org/node/22275
