Default Permissions and Roles

Return to Access Control Main Page

Default Permissions and Roles in Drupal

Notes on Specific Permissions

Make online contributions:
If you plan to use CiviContribute and want to allow online contributions, enable this permission. Be sure to assign this permission for the "anonymous" role if you want to allow un-authenticated visitors to make contributions.

View event info and Register for events:
If you plan to use CiviEvent and want to allow online event registration, enable these permissions. Be sure to assign permissions for the "anonymous" role if you want to allow un-authenticated visitors to view and register for events.

Profile listings and forms:
If you want to either collect contact information from constituents and/or expose a searchable directory using a profile, you must assign this permission. Be sure to assign this permission for the "anonymous" role if you want to collect contact information from un-authenticated visitors as part of your online contribution pages or during event registration.

Access all custom data:
You must enable this permission for any role which you want to view or edit custom data fields. EXAMPLE: If your site uses Profile(s) which include custom fields, make sure the role(s) that need to access these Profiles have this permission. Be sure to assign this permission for the "anonymous" user role if you want to collect information using custom profiles with custom fields.

Access uploaded files:
Enable this permission for any role which you want to view images, photos and files attached to CiviCRM records and screens. Be sure to assign this permission for the "anonymous" role if you want visitors to see photos attached to contact records, Personal Campaign Pages, etc. and / or other documents intended for public consumption.

Access Contact Dashboard:
You can provide authenticated users with access to a screen where they can review their subscribed groups, contributions, memberships and event registrations (as applicable). Enable this permission for role(s) for which you want to provide this feature. Do not enable this for the "anonymous" role.

Regardless of permissions assigned, the Anonymous role (visitors who are NOT logged in) is not permitted access to the "back-office" functions of CiviCRM. This includes the CiviCRM Home Page dashboard and any of the functions accessed via the standard CiviCRM menus (Find Contacts, Manage Groups, Import, Administer CiviCRM) as well as the built-in Shortcuts block.

CiviCRM+Drupal includes these access control options out of the box:

Permission	Roles with this permission can...
access CiviCRM	Access one or more items in the CiviCRM main menu
access CiviCase	View All Cases
access CiviContribute	View All Contributions
access CiviEvent	View All events, and Participant
access CiviGrant	View all Grants
access CiviMail	View all Mailings
access CiviMail subscribe/unsubscribe pages	Allow user to Subscribe / Unsubscripe from Groups
access CiviMember	View all Members
access CiviPledge	View all Pledges
access CiviReport	View Report Instances
access Contact Dashboard	View Contact Dashboard
access Report Criteria	Allow user to Change Report search Criteria
access all custom data	View / Edit all custom data fields and groups
access uploaded files	View / Download files including images and photos
add contacts	Create a new contact record in CiviCRM
administer CiviCRM	Perform all tasks in the Administer CiviCRM control panel and Import Contacts
administer Multiple Organizations	Allow user to add organization to Group
administer Reports	Manage CiviReport Templates
delete activities	Delete Activities
delete contacts	Delete Contacts
delete in CiviCase	Delete Cases
delete in CiviContribute	Delete Contribtuions
delete in CiviEvent	Delete Participants
delete in CiviGrant	Delete Grants
delete in CiviMail	Delete Mailing
delete in CiviMember	Delete Memberships
delete in CiviPledge	Delete Pledges
edit all contacts	View, Edit and Delete ANY CONTACT in the CiviCRM database; Create and Edit relationships, Tags and other info about the contacts
edit contributions	New / Update Contribution
edit event participants	New / Update Participants
edit grants	New / Update Grant
edit groups	Create New groups, Edit group settings (e.g. group name, visibility...), delete groups
edit memberships	New / Update Membership
edit pledges	New / Update Pledges
import contacts	Import Contact / Activity
make online contributions	Allow user to Online Contribution / Donation
profile listings and forms	Access the Profile Search form and Listings
register for events	Allow event registration
translate CiviCRM	Allow User to Enable Multilingual
view all activities	View All Activities
view all contacts	View ANY CONTACT in the CiviCRM database (no editing allowed), export contact info and perform activities such as Send Email, Log Phone Call, etc.
view event info	Allows users to view event information pages
view event participants	Allow user to View all participant of Event

User Access to Profile Listings

Users / roles can be granted access to CiviCRM Profile Listings so that they can share selected information WITHOUT granting access CiviCRM permission (i.e. without allowing them to access the CiviCRM menus). This is a reasonable configuration choice for Drupal's built-in authenticated user role. If you want anonymous site visitors to view/search Profile Listings, the you would grant this access to the anonymous user role.

Task => Permission