Proposal: "Administer CiviContribute" and "Administer CiviMail" permissions.
Over the years, we've added permissions such that no menu option outside of the "Administer" menu needs the "Administer CiviCRM" permission. There's a valid use case for allowing a fundraising staffer to administer contribution pages without giving them access to administer all of CiviCRM, particularly in a multi-site configuration. Likewise, a communications staffer shouldn't need administrative permissions to edit headers/footers.
I ran the following SQL to identify menu items outside of the Administer menu that require Administer CiviCRM (110
is the id for the "Administer CiviCRM" menu):
SELECT label
FROM civicrm_navigation WHERE NOT (
parent_id = 110
OR parent_id IN (SELECT id from civicrm_navigation WHERE parent_id = 110)
OR parent_id IN (SELECT id from civicrm_navigation WHERE parent_id IN (select id from civicrm_navigation WHERE parent_id = 110))
)
AND permission LIKE '%administer CiviCRM%';
This yields:
+------------------------------------------+
| label |
+------------------------------------------+
| New Contribution Page |
| Manage Contribution Pages |
| Personal Campaign Pages |
| Premiums (Thank-you Gifts) |
| New Price Set |
| Manage Price Sets |
| Personal Campaign Pages |
| Headers, Footers, and Automated Messages |
| From Email Addresses |
| New Price Set |
| Manage Price Sets |
| Developer |
| Api Explorer v3 |
| Developer Docs |
| Contact Reports |
| Api Explorer v4 |
+------------------------------------------+
The Support » Developer items are fine as-is. "New Contribution Page", "Manage Contribution Pages", "Personal Campaign Pages", "Premiums", "New Price Set", and "Manage Price Sets" should all be granted under "Administer CiviContribute". "Headers, Footers and Automated Messages" and "From Email Addresses" should be granted with "Administer CiviCRM".
The only question I have is how to deal with PCPs and price sets being applicable to both events and contributions. Rather than make things overly complicated, perhaps "Administer CiviContribute" should be "Administer online payment pages" instead.
If this gets approval, I can submit the work.