Permissions (and the related concept of access control lists, or ACLs) are collections of rules which define access to various areas of the system. In essence, you create roles for your site, give these roles permissions to do certain things, and assign the roles to certain people.
Permissions and ACLs allow you to grant access to:
- Different areas of jManage (e.g. CiviContribute, CiviCase and CiviMail) to reflect the tasks the user is responsible for
- Entities within the system (like contacts, contributions, etc.), and how the user can interact or operate with them (e.g. view, edit, delete)
Since permissions define who can see and do what on your site, it is important, from a security perspective, that you understand them well. It is very easy to check a permissions box without fully understanding what it does. A site with badly configured permissions may inadvertently expose your contacts' data.
The difference between CMS permissions and jManage ACLs
Permissions and ACLs are defined in two separate places: in the content management system (CMS) and in jManage itself. Most organizations are able to do what they need to do with just CMS permissioning. Others need to use jManage ACLs to provide more fine grained access control (this is a billable service provided by Jvillage due to the complexity of set-up).
CMS permissions allow you to grant (or not grant) access to entire sections of jManage to user roles, such as CiviMail, CiviEvent, etc. They also allow you to restrict the user's ability to view, edit, add and delete records such as contacts, events and contributions. However, this is an 'all or nothing' approach: you cannot differentiate between contacts who fall into different groups, for instance.
Native jManage ACLs give more fine grained control, so, for example, you can limit access to view, edit, create, delete and search to :
- groups of contacts
- a profile (this is a collection of existing and/or custom fields, see "Profiles")
- a set of custom fields
- events (e.g. a user may access one event, but not others)
As a general rule, you should probably start with CMS permissions and if you can't do what you need to with these. If you are not able to get what you need, then click on the BLUE SUPPORT BUTTON in the right bottom corner of this page to open a support ticket to outline the permissions you need, and ask for a quote on having ACL permissions created for you.