This documentation relates to CiviCRM version 3.1. It's not maintained anymore.
Current version of documentation.

Permission Drupal vs. CiviCRM

Skip to end of metadata
Go to start of metadata

This page refers to outdated version of CiviCRM. Check current version of documentation.

Documentation Search

CiviCRM 3.1 Documentation

Support and Participation

Developer Resources

CiviCRM book!

Make sure to check out Understanding CiviCRM as well! You can also support this project by ordering a hard copy.

What happens in cases of overlapping permissions between Drupal and civiCRM permissioning?

For Example:

I grant Edit permissions for a specific Group X to a group of contacts via CiviCRM ACL, and then grant "Edit all contacts" to a Drupal role.
Will a user be able to edit contacts in Group X if they have 'Edit all contacts' role (Drupal) but ARE NOT in the group with "Edit Group X" permissions?

In general all the drupal permissions are "super" user permissions - they grant broad, wide ranging powers.

In the above case, if a user has "edit all contacts", (s)he can edit all contacts.
All other edit/view contact permissions are not even looked at by CiviCRM.

However, if the user has "view all contacts" and an CiviCRM ACL to "edit contacts" in Group X,
(S)he should be able to edit only contacts from Group X.

  • None

Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.