So far this week I have done 5 hours of clicking little check-boxes on CiviCRM. I don’t mind that, but this is something that I should have caught on the development cycle and hopefully have found a way around it with the developer.
So what happened? It took until our Drupal / CiviCRM website was launched for me to realise that our administrative users did not have enough administrative rights. So picture the scene:
- An individual has their log-in
- They are connected to an organisation by way of a relationship
- The organisation is connected to an organisation where it provides a service, by way of a relationship
- This all to be editable via a webform
You would hope that then user would be configurable as a group to be permitted to at least edit the details of their organisation, if not those of where it operates as well. It is technically possible. You can make an individuals account permissive to edit, but without installing an expansion that will only extend to the first organisation. You can also set this automatically, but this also requires an extension.
More importantly though; none of this can apparently be retrofitted. The 400 users, the 210 organisations and the 300 operating locations already there need to be configured by hand. I find myself doing lots of little clicks and waiting for it to load and what feels like an eternity later I am now in the clear.
What can I learn about CiviCRM from this?
Actually quite a lot. I am always wary of giving too many people too much of a chance to break things, I am quite capable of doing that myself. So when I am looking at an organisational structure and as an umbrella having to put users I have not even met in an administrative capacity; I need to cover every corner of the system.
What I could have done was found Eileen McNaughton’s Relationship Permissions as ACLs extension much sooner as I see Eileen’s 1.2 branch as the solution. The only downsides there are that it is not directly installed from CiviCRM’s extension installation page and I have to learn enough PHP to set up some of it’s dependencies…. I think….
People forget, I am not actually an expert, I know HTML and CSS and that is about it. I am just a lay project lead!
Relationship Permissions as ACLs can apparently do two things that we need. The first is transitive permissions, where an organisation can carry its permissions and a user (in my example) can edit the details of where it provides a service. The second is that we can set those relationships to automatically enable the permissions when we set them.
It is a shame that as still a relatively green CiviCRM user (or administrator-without-technical-skills?) I did not fully appreciate the power of extensions.
What can happen now though is that 210 organisations can now safely pay their membership fees online if they choose to – and if I have set up the Drupal webform correctly.