Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 2.0
-
Fix Version/s: Unscheduled
-
Component/s: Core CiviCRM
-
Labels:None
Description
In addition to 'View' and 'Edit' ACL's should have a permission for 'Edit Own' to allow users to submit custom data which could then be restricted by other permissions to certain administrative groups.
For example, users can enter their 'political party affiliation' in a profile form because 'Edit Own' permission has been granted to 'Everyone' for the Custom Data Group 'Affiliations', but only users with the 'Political Lobbying Committee' Role can 'View' this information because of another ACL.
Currently, if any user is allowed to enter custom data, even if they can only access their own contact record, then any user who is permitted to view their record can view this custom data. So only administrators can enter permissionable custom data.