Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 4.7.10
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
Description
The Permissions controls are really quite limited in CiviCRM. My biggest concern is there is no control for the actions menu (when searching for contacts or viewing a contact dashboard). The actions menu is so powerful users who are restricted from using some features through the CMS can avoid these barriers via this menu.
My problem in context
For example, I have created some message templates for the print / merge document feature. This works great for generating certificates for contacts. However i don't want anybody in my organisation to be able to issue these certificates! Only the top people should be able to. In a related matter, when a user wants to send an email to a contact they will be able to view all these templates and incorrectly use them!
Besides, if you disable a user from being able to access custom fields data, they still can through anything that uses tokens with those fields e.g. generating pdfs using those templates for certificates i talked about before.
If you disable a user from accessing CiviMail they can still send SMS via the actions menu.
It would be very useful if permissions were given an overhaul across civicrm.
Many thanks