Access Control Lists: What it is and some reasons you may not want to use it

What is it?

Access Control Lists (ACLs) allow you to segment your database, so some people only see a subset of the contacts. It is one of the two ways you can control permissions.

This feature was designed for a very specific use case: a national organization with geographically based chapters. In the standard use case, each chapter organizer can only see the contacts in their chapter, whereas the national organizer can access all the contacts in the database.

How does it work?

ACLs work by defining a smart group based on a search, e.g. everyone with a primary address in the state of New York. This group would be named the ACL New York Group. Then, you define a regular group of contacts that have access to this group (e.g. the individuals with logins who should only be able to access the New York chapter members). This group would be the New York Admin group.

When a user in the New York Admin group logs in, they can only see the contacts in the ACL New York Group.

What could go wrong?

This feature works well if the New York Admin group has very limited data entry needs.

However, it comes with a lot of weirdness and pain if you move beyond very basic uses of your database. Some examples:

  1. Because restrictions are based on groups, ACLs restrict access to the Powerbase groups feature. As a result, members of the New York Admin team can only access groups that their user has created. For example, if you, as a site-wide admin, try to help them out by creating a group for them, they won't see that group when they log in. If there are two members in the New York Admin group and one of them creates a helpful smart group, the other person won't see it.
  2. Similarly, if one person in the New York Admin group creates a Newsletter email group and sends a CiviMail to this group, the second person in the New York Admin group won't even see the mailing because they don't have access to the group to which it was sent.
  3. In contrast, you see all events. There is no way to restrict the event listing to events you have created or members of the New York Admin group have created. You won't see people registered for the events unless they are in the ACL New York Group, but you still see all the events, which can be confusing.
  4. Deduping doesn't work as effectively. If you are in a restricted group, the database won't be able to warn you that you are entering a duplicate because you might not have access to the other record.
  5. You can add a new contact and then not be able to access it. If your restricted group is based on everyone with an address in New York and you add someone without an address, they will be inserted into the database and then, from your perspective, completely disappear. With ACLs you have to define specific data entry forms to ensure the field that puts the contact into the right group is properly entered.
  6. Training is hard. With ACLs, the behavior of the database is very different depending on what access you have. When some staff are ACL restricted and others are not, it inhibits peer-to-peer learning.
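
The following is an added example, not PowerBase or CiviCRM code: a simplified Python model of the smart group and admin group described under "How does it work?", showing items 4 and 5 above (a duplicate check that misses a hidden record, and a new contact that disappears from its creator). All function names, users and sample contacts are constructed for illustration.

```python
# Simplified model of smart-group ACLs. Not PowerBase/CiviCRM code;
# every name and contact here is a constructed assumption.

def sample_contacts():
    """Constructed sample data: one New York contact, one California contact."""
    return [
        {"id": 1, "name": "Ana Ruiz", "email": "ana@example.org", "state": "NY"},
        {"id": 2, "name": "Ben Cole", "email": "ben@example.org", "state": "CA"},
    ]

# Smart group: membership is a saved search, re-evaluated on every read.
SMART_GROUPS = {"ACL New York Group": lambda c: c.get("state") == "NY"}

# ACL: members of a regular group may access exactly one smart group.
ACLS = {"New York Admin": "ACL New York Group"}

# Users mapped to their admin group; None models an unrestricted user.
USER_GROUPS = {"ny_organizer": "New York Admin", "national_organizer": None}

def visible_contacts(db, user):
    """Return the contacts this user is allowed to see."""
    admin_group = USER_GROUPS[user]
    if admin_group is None:
        return list(db)
    in_group = SMART_GROUPS[ACLS[admin_group]]
    return [c for c in db if in_group(c)]

def find_duplicates(db, user, email):
    """Duplicate check limited, like any search, to the user's visible contacts."""
    return [c for c in visible_contacts(db, user) if c["email"] == email]

def add_contact(db, user, name, email, state=None):
    """Insert a contact and report whether its creator can still see it."""
    contact = {"id": len(db) + 1, "name": name, "email": email, "state": state}
    db.append(contact)  # the insert itself always succeeds
    return contact in visible_contacts(db, user)

if __name__ == "__main__":
    db = sample_contacts()
    print("NY organizer sees:", [c["name"] for c in visible_contacts(db, "ny_organizer")])
    print("Duplicate warning for ben@example.org:",
          bool(find_duplicates(db, "ny_organizer", "ben@example.org")))
    print("Visible after adding without address:",
          add_contact(db, "ny_organizer", "Cy Diaz", "cy@example.org"))
    print("Visible after adding with NY address:",
          add_contact(db, "ny_organizer", "Di Evans", "di@example.org", state="NY"))
```
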

Final verdict

Some Powerbase groups are using ACLs, but most groups that try ACLs eventually decide not to use them because of the restrictions.

To make a decision for your group, it's important to weigh the importance of ease of use and simplicity versus trust and privacy.
