Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • CiviCRM Core CiviCRM Core
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare revisions
  • Issues 1,180
    • Issues 1,180
    • List
    • Boards
    • Service Desk
    • Milestones
  • Deployments
    • Deployments
    • Releases
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • DevelopmentDevelopment
  • CiviCRM CoreCiviCRM Core
  • Issues
  • #4053
Closed
Open
Issue created Dec 28, 2022 by bgm@bgmOwner

Standalone: users and roles

General issue to discuss user management, roles and permissions.

There was a discussion in Manchester about this. At first we explored the idea of using CiviCRM groups to manage permissions, but there was a lot of discomfort because of the (lack of) security around groups and how it could end up adding a lot of extra complexity. Of course, maybe an implement or another might prove one way or another.

So far one WIP branch by @DaveD proposes creating civicrm_user with an ID, username, password and maybe email. While testing, I managed to get it working by also adding a record in the civicrm_uf_match table (for authx http logins), to link that user to a contact.

Presumably we would also have civicrm_user_role (ex: admin, staff, member) and civicrm_user_permission (ex: "admin" has the "Administer CiviCRM" permission).

And then we would have the same permission grid similar to what CiviCRM has for WordPress role management (in that case, it adds WordPress capabilities, but in this case, it would add records in civicrm_user_permission).

cc @DaveD @artfulrobot @JoeMurray

Related meta: #2998

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking