Aller directement à la fin des métadonnées
Aller au début des métadonnées

civicrm_acl

Column

Type

Description

Restriction

deny

boolean

Does this ACL entry grant (0) or restrict (1) access?

Only implement grant

operation

enum VIEW, EDIT, CREATE, DELETE, GRANT, REVOKE

What type of operation does this ACL entry govern?

Only implement VIEW/EDIT

entity_table

string

The table of the object(s) possessing this ACL entry. Possible values are Contact, Group, ACL Group, and Domain.

Only implement Contact, ACL Group

entity_id

int unsigned

The ID of the object possessing this ACL entry.

object_table

string

The table being governed by this ACL entry

implement civicrm_contact, civicrm_group, civicirm_admin, civicrm_saved_search

object_id

int unsigned

The ID of the object being governed. If NULL, the ACL entry refers to all objects within object_table.

acl_table

string

For GRANT/REVOKE operations, this field determines if it refers to a single ACL entry, or an entire ACL Group.

skip

acl_id

int unsigned

ID of the ACL or ACL group being GRANTED/REVOKED.

skip

civicrm_acl_group

Column

Type

Description

domain_id

int unsigned

Foreign Key to civicrm_domain.id

is_active

boolean

Is this ACL Group active?

title

string

The name of this ACL Group

civicrm_acl_group_join

Column

Type

Description

Restrictions

acl_group_id

int unsigned

Foreign Key to civicrm_acl_group.id.

entity_table

string

Which table we're joining to (Contact, Group or Domain).

Only implement Group

entity_id

int unsigned

ID of the object being joined.

Example ACL Definitions

  • lets create 3 acl groups for now: Admin (1), Readers (2), All (3)
  • Lets create 3 civicrm groups for now corresponding to the above: Admin (1), Readers (2), All (3)
  • Lets create 3 acl group joins which unify the above two columns: Admin, Readers, All

Here are the ACLs to replace the current permissions

  • View All Contacts ( 0, VIEW, ACL Group, 1, civicrm_contact, null, null, null );
  • Edit All Contacts ( 0, EDIT, ACL Group, 1, civicrm_contact, null, null, null );
  • Manage All Groups ( 0, EDIT, ACL Group, 1, civicrm_group , null, null, null );
  • Manage All Groups ( 0, EDIT, ACL Group, 1, civicrm_group , null, null, null );
  • Administer CiviCRM ( 0, VIEW, ACL Group, 1, civicrm_admin , null, null, null );
  • ( .. and all the other static drupal permissions here .. )

Data partitioning

We have 3000 contacts and 20 readers (ids: R1..R20) and we want to give each reader 150 of these contacts

Lets create 20 groups GRC1 ... GRC20 each having 150 contacts

Each Reader gets the following ACLs

( 0, VIEW, Contact, R1, civicrm_saved_search, GRC1, null, null );
( 0, EDIT, Contact, R1, civicrm_saved_search, GRC1, null, null );

Function calls

Except for contact related permissions which return a query, the other permissions are boolean. Also for now the requesting object is always a contact.

Étiquette
  • Aucun

Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.