Aller directement à la fin des métadonnées
Aller au début des métadonnées
Return to Access Control Main Page.

Assign Users to Roles Overview

Assign Users to Roles provides a way to assign a role (e.g. a set of permissions) to the users in a group. In other words, the people in the group have permission to do the things that have been granted to that role. Before doing this step, you must first create the group and assign it the "Access Control" group type. You must also create the Role you want to assign to it. However, you can add and remove people from your access control groups at any time.

You can use Access Control Lists (ACLs) to control access to groups of contacts in your database. You can also use ACLs to limit access to Profile screens, as well as specific custom fields.

Example

You want contacts in your Advisory Board GROUP to only be visible to your organization's management team:

  • Create a regular GROUP called Advisory Board and add the appropriate CONTACTS to this GROUP.
  • Create another GROUP called Managers and select "Access Control" as the Group Type. Add each of your managers' contact records to this group.
  • Create a Managers ROLE (if you don't already have one)
  • Assign the edit or view OPERATION (the "edit" operation contains the "view" operation, meaning anyone who can edit can view) to the Managers ROLE for the Advisory Board GROUP.

Now only members of your organization's management team that belong to the Managers GROUP will be able to edit or view contacts who are in the Advisory Board GROUP.

LImitations on Access Control
  • Access Control Groups must be static groups. You can not grant an ACL Role to members of a Smart Group. We hope to remove this limitation at some point using a caching solution.
  • You CAN control access to contacts in a Smart Group using ACL Roles. However, this configuration is likely to cause moderate to severe performance degradation. Setting up access control on multiple Smart Groups may result in fatal errors due to exceeding the maximum allowable number of JOIN statements in MySQL.
  • Currently, there are performance considerations if you assign too many ACLs to a single user - and at some point the maximum allowable number of JOIN statements may be exceeded. Remember that the total number of ACLs affecting a given user is a factor of the ACLs assigned to the Roles assigned to all of the ACL Groups that the user is a member of.

Assign Users to Roles

Begin at the Administer CiviCRM page. In the Manage section, choose Access Control.

From the Access Control Page, click on >>Assign Users to Roles

You will see a list of existing role assignments (default is 'Administrator' assigned to the group 'Administrators'). You can create a NEW Role Assignment or Edit, Disable or Delete EXISTING Role Assignments using the links to the right of each role assignment.

NEW

To create a NEW role assignment, click on the >>New Role Assignment link at the bottom of the list of role assignments.

You must create the role and the group (with group type = Access Control) before assigning a role to a group.

Choose the ACL Role and Assigned To value for each role assignment. You can enable/disable the role assignment by checking or unchecking the box labeled Enabled?

Click Save to save the role.

If successful, you will see the new role assignment listed.

EXISTING

For EXISTING Roles you can Edit, Disable or Delete each role assignment using the links to the right of each role.

EDIT

Selecting Edit will bring you to the Edit ACL Role Assignments page where you can change the ACL Role and Assigned To value for each role assignment. Here you can also enable/disable the role assignment by checking or unchecking the box labeled Enabled?

Click Save to save the role assignment.

If successful, you will see the new role assignment listed.

DISABLE

Select Disable to temporarily disable an existing role assignment. You will see the warning:

"Are you sure you want to disable this ACL Role Assignment?"

Click OK to continue or Cancel to cancel disabling the role assignment.

To re-enable the role assignment, simply click on Enable.

DELETE

Select Delete to delete the role assignment. You will be given this warning:

WARNING: Deleting this option will remove this ACL Role Assignment. Do you want to continue?

Click Delete to continue or Cancel to cancel the deletion.

Étiquette
  • Aucun