CiviCRM 2.2 Documentation : Access Control Groups
This page last changed on Apr 23, 2007 by hallman.

Can I define access control for groups/roles?

  1. Let's assume you want to restrict folks who can view/edit all contacts
    in CiviCRM Group 'Group 2'
  2. Put all the folks who can only View Group 2 Contacts in a CiviCRM
    Group 'ACL View Group 2'
  3. Put all the folks who can Edit Group 2 Contacts in a CiviCRM Group
    'ACL Edit Group 2'. Note that Edit implies View
  4. Create two ACL Roles ' ACL View Group 2 Role' and 'ACL Edit Group 2 Role'
  5. Assign the above ACL Roles to the corresponding CiviCRM Groups
  6. Create an ACL giving ' ACL View Group 2 Role' 'View' access on 'Group 2'

QUESTION: Can you restrict folks who can NOT view/edit contacts in 'Group 2'?

RESPONSE: Currently 'no' primarily for two reasons:

  1. We do not support the 'deny' acl
  2. We dont really have a 'not' operator implemented in search

[Source. ]
Document generated by Confluence on Mar 27, 2009 18:21