Skip to content



This hook is called to allow custom permissions to be defined.


Available starting in 4.3, with permission descriptions supported starting in 4.6.

Before 4.7.21, extension permissions did not work properly in Joomla (see CRM-12059). CiviCRM would recognize the permission but not give site administrators any way to grant it to users.

These two hooks appear similar, but they serve different purposes:

  • hook_civicrm_permission: Defines new permissions. The permission will be fully available in configuration screens for CiviCRM/Drupal/WordPress/etc.
  • hook_civicrm_permissionList: Modifies the list of permissions presented in CiviCRM configuration. For example, this is used to import Drupal/WordPress permissions into CiviCRM configuration screens (without creating a funny loop).




  • $permissions: reference to an associative array of custom permissions that are implemented by extensions, modules and other custom code. This will be an empty array unless another implementation of hook_civicrm_permission adds items to it. Items may be added in one of two formats.

    • Simple associative array in the format "permission string => label". Compatible with CiviCRM 4.3+.
          $permissions['edit grant programs'] = ts('CiviCRM Grant Program: edit grant programs');
          $permissions['delete in Grant Program'] = ts('CiviCRM Grant Program: delete grant program');
    • A multidimensional array in the format "permission string => array(label, description)". Compatible with CiviCRM 4.6+. The first array item is the label for the permission. If a second array item is present, it will appear as a description beneath the permission.
          $permissions['edit grant programs'] = [
            ts('CiviCRM Grant Program: edit grant programs'),                     // label
            ts('CiviCRM Grant Program: Create or edit grant programs and their criteria'),  // description
          $permissions['delete in Grant Program'] = [
            ts('CiviCRM Grant Program: delete grant program'),                    // if no description, just give an array with the label


  • null

Conventions and Tips

In the examples, note the convention of using "delete in ComponentName" as the delete permission name.

For edit permissions, it is conventional to use the plural, such as "edit your items"; it is normal to use the singular for create permissions, such as "create new item".

Like in Drupal 6's hook_perm, there is no automatic namespacing for permissions, so one should adopt unique permission names.


The following example adds a permission access CiviMonitor:

function civimonitor_civicrm_permission(&$permissions) {
  $permissions['access CiviMonitor'] = [
    E::ts('Access CiviMonitor'),
    E::ts('Grants the necessary API permissions for a monitoring user without Administer CiviCRM'),