Hiding sensitive contributions from some staff

2016-11-08 11:59
Written by

Some contributions to your organization might be sensitive if widely known. For example, a planned bequest might need to be kept quite confidential since the donor wants to keep its existence private from other possible inheritors or to remain anonymous about their large donation. Or you might want to restrict viewing of membership contributions to the Membership staff, and events registration contributions to your Events organizer.

The fewer people who have access to confidential information the better. Staff turnover in memberships, event organizing, or even volunteer access to some contribution information to help with receipts or fulfillment might endanger the needed confidentiality for sensitive bequests.

A little known feature was added to CiviCRM back in April to support hiding some contributions from some staff.

If you are a permissioned administrator you can navigate to Administer > CiviContribute > CiviContribute Component Settings, and enable Access Control for Financial Types. Once you've saved that setting, you can use CiviCRM's roles-based permissioning system to control which roles can access each financial type.

Navigate to Administer > Users and Permissions > Permissions (Access Control), then click on Drupal or WordPress Access Control. Towards the end of the list of CiviCRM permissions there will now be four separate permissions for Add, View, Edit and Delete actions for each of the existing financial types. Click to enable the appropriate permissions for each role and then save at the bottom of the long form. Typically, you'll want a special role to get access to the restricted financial type, for example, Bequests, and other staff roles to be granted access to the types of contributions relevant to their work. 

Once these permissions are setup, users only see financial types and contributions that they have permission to see. These permissions are respected in Advanced Search, Search Builder, Find Contributions, and reports.

Thanks to Imagine Children's Museum for sponsoring this new feature, and to Stuart Gaston at Korlon for facilitating its development in a general manner in CiviCRM for everyone to use.


Joe - thanks for adding this terrific feature to our beloved software!

One of my customers has already expressed the need for restricting donations visibility to the fundraising staff, which is exactly covered by this new feature, and I have no doubt it will shortly be used by some other of my customers as 'it just makes perfect sense' ...

You really are the boss when it comes to accounting and financial management with CiviCRM!