Skip to end of metadata
Comment: Migrated to Confluence 4.0
Go to start of metadata
CiviCRM Documentation

This page refers to outdated version of CiviCRM. Check current version of documentation.

What happens in cases of overlapping permissions between Drupal and civiCRM permissioning?

For Example:

I grant Edit permissions for a specific Group X to a group of contacts via CiviCRM ACL, and then grant "Edit all contacts" to a Drupal role.
Will a user be able to edit contacts in Group X if they have 'Edit all contacts' role (Drupal) but ARE NOT in the group with "Edit Group X" permissions?

In general all the drupal permissions are "super" user permissions - they grant broad, wide ranging powers.

In the above case, if a user has "edit all contacts", (s)he can edit all contacts.
All other edit/view contact permissions are not even looked at by CiviCRM.

However, if the user has "view all contacts" and an CiviCRM ACL to "edit contacts" in Group X,
(S)he should be able to edit only contacts from Group X.
Labels
  • None

Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.