Skip to content

Standalone: users and roles

General issue to discuss user management, roles and permissions.

There was a discussion in Manchester about this. At first we explored the idea of using CiviCRM groups to manage permissions, but there was a lot of discomfort because of the (lack of) security around groups and how it could end up adding a lot of extra complexity. Of course, maybe an implement or another might prove one way or another.

So far one WIP branch by @DaveD proposes creating civicrm_user with an ID, username, password and maybe email. While testing, I managed to get it working by also adding a record in the civicrm_uf_match table (for authx http logins), to link that user to a contact.

Presumably we would also have civicrm_user_role (ex: admin, staff, member) and civicrm_user_permission (ex: "admin" has the "Administer CiviCRM" permission).

And then we would have the same permission grid similar to what CiviCRM has for WordPress role management (in that case, it adds WordPress capabilities, but in this case, it would add records in civicrm_user_permission).

cc @DaveD @artfulrobot @JoeMurray

Related meta: #2998 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information