This documentation refers to CiviCRM 3.2, current stable version. Please introduce all the documentation changes here.

Default Permissions and Roles

This page refers to CiviCRM 3.2.

Documentation Search

CiviCRM 3.2 Documentation

Support and Participation

Developer Resources

CiviCRM book!
Make sure to check out Understanding CiviCRM as well! You can also support this project by ordering a hard copy.
Return to Access Control Main Page

Default Permissions and Roles in Drupal

Notes on Specific Permissions
  • Make online contributions:
    If you plan to use CiviContribute and want to allow online contributions, enable this permission. Be sure to assign this permission for the "anonymous" role if you want to allow un-authenticated visitors to make contributions.
  • View event info and Register for events:
    If you plan to use CiviEvent and want to allow online event registration, enable these permissions. Be sure to assign permissions for the "anonymous" role if you want to allow un-authenticated visitors to view and register for events.
  • Profile listings and forms:
    If you want to either collect contact information from constituents and/or expose a searchable directory using a profile, you must assign this permission. Be sure to assign this permission for the "anonymous" role if you want to collect contact information from un-authenticated visitors as part of your online contribution pages or during event registration.
  • Access all custom data:
    You must enable this permission for any role which you want to view or edit custom data fields. EXAMPLE: If your site uses Profile(s) which include custom fields, make sure the role(s) that need to access these Profiles have this permission. Be sure to assign this permission for the "anonymous" user role if you want to collect information using custom profiles with custom fields.
  • Access uploaded files:
    Enable this permission for any role which you want to view images, photos and files attached to CiviCRM records and screens. Be sure to assign this permission for the "anonymous" role if you want visitors to see photos attached to contact records, Personal Campaign Pages, etc. and / or other documents intended for public consumption.
  • Access Contact Dashboard:
    You can provide authenticated users with access to a screen where they can review their subscribed groups, contributions, memberships and event registrations (as applicable). Enable this permission for role(s) for which you want to provide this feature. Do not enable this for the "anonymous" role.
Regardless of permissions assigned, the Anonymous role (visitors who are NOT logged in) is not permitted access to the "back-office" functions of CiviCRM. This includes the CiviCRM Home Page dashboard and any of the functions accessed via the standard CiviCRM menus (Find Contacts, Manage Groups, Import, Administer CiviCRM) as well as the built-in Shortcuts block.

CiviCRM+Drupal includes these access control options out of the box:

Permission Roles with this permission can...
access CiviCRM Access one or more items in the CiviCRM main menu
access CiviCase View All Cases
access CiviContribute View All Contributions
access CiviEvent View All events, and Participant
access CiviGrant View all Grants
access CiviMail View all Mailings
access CiviMail subscribe/unsubscribe pages Allow user to Subscribe / Unsubscripe from Groups
access CiviMember View all Members
access CiviPledge View all Pledges
access CiviReport View Report Instances
access Contact Dashboard View Contact Dashboard
access Report Criteria Allow user to Change Report search Criteria
access all custom data View /  Edit all custom data fields and groups
access uploaded files View / Download files including images and photos
add contacts Create a new contact record in CiviCRM
administer CiviCRM Perform all tasks in the Administer CiviCRM control panel and Import Contacts
administer Multiple Organizations Allow user to add organization to Group
administer Reports Manage CiviReport Templates
delete activities Delete Activities
delete contacts Delete Contacts
delete in CiviCase Delete Cases
delete in CiviContribute Delete Contribtuions
delete in CiviEvent Delete Participants
delete in CiviGrant Delete Grants
delete in CiviMail Delete Mailing
delete in CiviMember Delete Memberships
delete in CiviPledge Delete Pledges
edit all contacts View, Edit  and Delete ANY CONTACT in the CiviCRM database;
 Create and Edit relationships, Tags and other info about the contacts
edit contributions New / Update Contribution
edit event participants New / Update Participants
edit grants New / Update Grant
edit groups Create New groups, Edit group settings (e.g. group name, visibility...), delete groups
edit memberships New / Update Membership
edit pledges New / Update Pledges
import contacts Import Contact / Activity
make online contributions Allow user to Online Contribution / Donation
profile listings and forms Access the Profile Search form and Listings
register for events Allow event registration
translate CiviCRM Allow User to Enable Multilingual
view all activities View All Activities
view all contacts View ANY CONTACT in the CiviCRM database (no editing allowed), export
 contact info and perform activities such as Send Email, Log Phone Call, etc.
view event info Allows users to view event information pages
view event participants Allow user to View all participant of Event
User Access to Profile Listings
Users / roles can be granted access to CiviCRM Profile Listings so that they can share selected information WITHOUT granting access CiviCRM permission (i.e. without allowing them to access the CiviCRM menus). This is a reasonable configuration choice for Drupal's built-in authenticated user role. If you want anonymous site visitors to view/search Profile Listings, the you would grant this access to the anonymous user role.
Task => Permission
New Case          => add contacts               + access CiviCase       + enabled CiviCase
                     (standalone context)

New Contribution  => edit contributions         + access CiviContribute + enabled CiviContribute
New Membership    => edit memberships           + access CiviMember     + enabled CiviMember
New Pledge        => edit pledges               + access CiviPledge     + enabled CiviPledge
New Participant   => edit event participants    + access CiviEvent      + enabled CiviEvent
New Grant         => edit grants                + access CiviGrant      + enabled CiviGrant

New Group         => edit groups
Manage Groups     => edit groups + administer CiviCRM
Group Members     => view all contacts

Import Contact    => access CiviCRM + import contacts
Import Activity   => access CiviCRM + import contacts

Import Contribution => edit contributions       + access CiviContribute
Import Member       => edit memberships         + access CiviMember
Import Participant  => edit event participants  + access CiviEvent

Tabs
Contribution
    Contribution View   => access CiviContribute + view all contacts / edit all contacts
    Contribution Edit   => access CiviContribute + view all contacts / edit all contacts + edit contributions
    Contribution Delete => access CiviContribute + delete in CiviContribute

Membership
    Membership View   => access CiviMember + view all contacts / edit all contacts
    Membership Edit   => access CiviMember + view all contacts / edit all contacts + edit memberships
    Membership Delete => access CiviMember + delete in CiviMember

Event
    Participant View   => access CiviEvent + view all contacts / edit all contacts
    Participant Edit   => access CiviEvent + view all contacts / edit all contacts + edit event participants
    Participant Delete => access CiviEvent + delete in CiviEvent

Pledges
    Pledge View   => access CiviPledge + view all contacts / edit all contacts
    Pledge Edit   => access CiviPledge + view all contacts / edit all contacts + edit pledges
    Pledge Delete => access CiviPledge + delete in CiviPledge

Reports
    Show Report Instance  List      => access CiviReport
    Show Report Templates List      => administer Reports
    Manage Templates                => administer Reports
    Create New Report(Register)     => administer Reports
    Change Report Search Criteria   => access Report Criteria


Add  Contact  => add contacts
Find Contact  => view all contacts
Edit Contact  => edit all contact
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.