Published
Wednesday, June 2, 2010 - 15:01
Written by

As of now (version 3.1.5), CiviCRM limits finding and merging of duplicate records to users with the "Administer CiviCRM" permission. A recent thread on the forums points out that some organizations will want to allow that privilege to non-administrative users. Having a need for this myself, I'm looking for the best way to do it. If a reasonable solution can be found, I'm hoping the changes will make it into core at some point in the future.

From what I can tell, the heart of the matter is controlling access to two CiviCRM paths: civicrm/admin/deduperules and civicrm/admin/dedupefind. Since these are under civicrm/admin, they require "Administer CiviCRM" privileges.

My basic proposal for moving these into their own permission would include steps along these lines:

  1. Change these paths to civicrm/contact/deduperules and civicrm/contact/dedupefind, which probably means moving the path definitions out of Admin.xml and into Contact.xml.
  2. Add permissions for "Administer dedupe rules" and "Merge duplicate contacts" and tie these to the respective actions.
  3. In the CiviCRM "black bar" menu, move the "Find and Merge Duplicate Contacts" menu item from Admin > Manage to Contacts > . (I'm not sure what this menu is usually called in conversation, nor the process that builds it at install time.)

I hope readers of this post will point out any flaws you see in this idea. For example, I suspect there may be some issues with ACLs: up to now this feature has belonged only to admin, so the code for merging duplicates probably doesn't bother checking ACLs; however if we give this feature to non-admin users, ACLs will surely come into play. I would think that dupes would not be found outside of the contacts that are visible to the current user, and duplicates could not be merged unless both are deletable.

If there are other potential headaches I've not foreseen, please mention them in the comments, along with any ideas you have on implementation or any other thoughts on the topic.

Filed under

Comments

at least, our clients would love to have it. the only thing i would propose differently is that instead of tying "find and merge duplicates" to "access CiviCRM" permissions, we add a separate permission for this. more, granular, permissions i think are required generally..

Point #2 is: Add permissions for "Administer dedupe rules" and "Merge duplicate contacts".

Definitely don't want to give this permission to just anybody. (BTW, I've edited the post to make that point a little clearer.)

Would definitely make sense to have a rule for access to dedupe and move it under contact in the navigation menu.

Not too sure about the admin rules (is admin generic enough ?) but probably doesn't hurt to add it as a separate rule.

X+

Allen expresses this concern in his blog. I note that when I edit a contact who matches another via the dedupe rules, I can choose to merge the two contacts. So perhaps the dedupe logic does consider ACLs (I can't tell because I use Joomla).

FYI, I've added a support ticket for this feature
http://issues.civicrm.org/jira/browse/CRM-6330.