Page MenuHomePhabricator

Further permission restrictions
Open, Needs TriagePublic4 Estimated Story Points

Description

During the permissions testing we found that we could not remove permissions to create custom fields or alter fields like the Direct Mail appeal from teams that did not need to use the functions. The following three permissions seemed to be linked to this ability. We'd like to find a way to decouple the ability to use the civi menus at the top from the ability to create custom fields and change drop downs, relationship types, etc.

CiviCRM: administer CiviCRM
Perform all tasks in the Administer CiviCRM control panel and Import Contacts

CiviCRM: administer CiviCRM System
Perform all system administration tasks in CiviCRM

CiviCRM: all CiviCRM permissions and ACLs
Administer and use CiviCRM bypassing any other permission or ACL checks and enabling the creation of displays and forms that allow others to bypass checks. This permission should be given out with care