Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: 4.7
-
Fix Version/s: Unscheduled
-
Component/s: None
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
Description
See https://issues.civicrm.org/jira/browse/CRM-18122
It is much too easy to grant permissions that inadvertently expose data.
Barring improvements to profiles and/or permissions (and even if they were improved) we should have clear documentation on the risk of doing so, and steps you can take to avoid it.
I should be discussed and/or cross referenced in
- http://docs.civicrm.org/user/en/stable/initial-set-up/permissions-and-access-control/ and
- http://docs.civicrm.org/user/en/stable/initial-set-up/security/
- http://docs.civicrm.org/user/en/stable/organising-your-data/profiles/
When working on this, it might be a good time to merge information from the following wiki pages into the book and delete the wiki page:
- https://wiki.civicrm.org/confluence/display/CRMDOC/Default+Permissions+and+Roles
- https://wiki.civicrm.org/confluence/display/CRMDOC/Access+Control+Context+and+Overview
Once complete, it probably makes sense to update UI references to the documentation in appropriate pages like the profiles config pages.
Attachments
Issue Links
- is supplemented by
-
-
- Done/Fixed
-