Details
-
Type:
New Feature
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 1.7
-
Fix Version/s: 1.7
-
Component/s: None
-
Labels:None
Description
Currently if a user A has access to Contact X, he has access to all of Contact X's info including all custom groups. This issue fixes this problem.
You can now create a "Money Group" which deals with confidential user information, and only give a limited set access to that group. Thus to View and/or Edit a Custom Group C for Contact X, the user A must have
1. View/Edit permission for Contact X
AND
2. View/Edit permission for Custom Group C
A default ACL that gives all users access to all Custom Groups will be part of the civicrm_data. Folks can modify this and restrict it as they see fit
We will use a similar approach for profiles.
All custom fields used in a profile should have the appropriate permission for that user.
UPDATE: Profiles have a few more ops: Create/List/Search apart from View/Edit which are available in 1.7, but all the rest of option will be implemented in 1.8.