Hey there User Group/Control Group Security gurus!
I'm wondering what options exist for restricting user access to contributions on a per-contribution basis. That is, presuming a user has access to the contributions module and the ability to make adjustments to contributions, how can they be prevented from doing so on a per-contribution basis?
My current understanding is that control groups can be applied to funds, and if the current user group is not assigned to this control group, contributions to this fund will not be visible in the contributions tab nor accessible for adjustments. Or, if the control group is assigned but view rights are not enabled, contributions to this fund will be visible in the contributions tab but not accessible for adjustments. But, this is still on a per-fund basis.
Are there any other options for restricting access to contributions for adjustments? I am somewhat surprised to note that contributions can be adjusted even if they were to a campaign that has closed.
Aha, I also note I can restrict adjustments on a per-constituent basis by applying security relative to constituency codes.
Presuming I am not missing anything, is this basically an indicator that the only people with access to the contributions module should be those who REALLY know what they're doing? Might be time to write a bunch of training material...
This question is related to another that I'm going to post in the development forum shortly.
Hi Nick,
A rather awkward workaround idea - what about excluding adjustments from your regular user groups and having an adjustments-permitted user group? It would require an awareness on the user's part, if they had to re-login in order to perform an adjustment; and the privileges could be limited to users you know have the training/expertise to perform adjustments. Not an elegant solution, I know.
I would love to see (enhancement idea?!) a way to "lock" individual contributions, avoiding the need for broader, clumsier workarounds.
I'm interested to hear what others suggest!
--Stacey