This Make it Happen aims at more granular security for individual Activities and Cases.
- ACL control over individual Activities.
- ACL control over individual Cases.
- UI to implement ACLs for Activities and Cases.
This Make it Happen could potentially lead to more organisations using CiviCRM as implementation in a more secure environment would be much easier.
Currently, all CiviCRM users with "View Cases" permission are able to see all Cases, Activities and related data.
Sensitive data related to individual Cases or Activities is exposed to any user with appropriate permissions.
The new functionality would enable Civi users to:
- Limit Case accessibility through ACLs, including view, edit, create and delete.
- Limit Activities accessibility through ACLs, including view, edit, create and delete.
- UI to implement Case and Activity security.
As a large human service agency with many different program areas, we need to limit who can see sensitive data related to Cases and Activities.
- Users in our Food Pantry need to be able to view and edit Food Pantry Cases, but should not see other Case types that contain medical data.
- Supervisors in our programs need access to Staff Disciplinary Activities that entry level staff should not have access to.
The Nitty Gritty
- Add ACL support for cases via a hook and ensure it works across all screens
- Add ACL support for activities via a hook and ensure it works across all screens
- Add UI support for using the above hooks for "Case and Activity types" only. i.e. a group of users can only see the following "Case types" and/or the following "Activity types"
Making it Happen
This project has been quoted at 100 hours at $125 per hour for a total cost of $12,500.
If this functionality sounds like something your organization could utilize, please consider contributing to the Make it Happen campaign.
If you would like to discuss further, please drop me a line at firstname.lastname@example.org.