Permissions

Permissions for SearchKit/FormBuilder is a combination of settings in: - SearchKit - FormBuilder - CMS User roles (CiviCRM functionalities) - ACL roles (Fine grained permissions)

SearchKit

An “Enforce Permissions/ Bypass permissions” button on the top of your display is available on every display you create in your search (table, grid, …).

This is a toggle. The displayed text indicates the current state:

• Enforce permissions Respects the existing permissions defined in CiviCRM. Access control can be set at various levels including roles in your content management system (CMS) and specific actions controlled via CiviCRM’s more detailed ACL controls. For more on this topic see Permissions and Access Control.

• Bypass permissions Anyone who can view this display will be able to see all results, regardless of their permission level. This can be very useful as you see below, but you should be very careful what you expose.

  

  

FormBuilder

For both Search forms and Submission forms:

• There is a permission on the form settings tab. It is the permission required to use the form.

• Multiple permissions can be joined using “and” to require all, or “or” to require only one of the listed permissions.

• The available permissions are a combination of CMS role permissions (e.g. WordPress : delete_pages) and CiviCRM permissions (e.g. CiviContribute: Access CiviContribute). Either or both can be used in this field.

• There is one general permission: “Generic: Allow all users (including Anonymous)”. This permission allows the form to be used by everybody.