Add Section Security To Bulk Update


The problem I'm trying to solve can be seen in this GitHub thread, but the TL;DR is that today, if you have View access to the Bulk Update block, you can potentially bulk update things you otherwise should not have access to.

The scenario we ran into is that we do NOT allow all Staff Workers to edit certain Person details such as Record Status and Connection Status. Only a smaller subset of Staff can edit those in our org, which is easily accomplished via the extra Verbs on the Edit Person block, such as Edit Record Status and Edit Connection Status.

However, even if you're DENIED the ability to edit those Person properties on the Edit Person block itself, just by having View access to the Bulk Update page, you now HAVE the ability to circumvent that denial and update those properties indirectly... whether intentionally or accidentally.

The "obvious" solution is to only allow that same subset of Staff to View the Bulk Update page at all, but that's a VERY blunt instrument, because it would also take away the ability to bulk update things all Staff Workers SHOULD be able to update, like Group Membership or Tags. (We had a staff person thinking they were inactivating a bunch of people in a group when they ACTUALLY inactivated their records... all because they got confused and were allowed to edit data they shouldn't... yet they SHOULD be allowed to bulk update Group membership, so removing View to the page is not the answer!)

Whew. All that brings me to this proposed solution. Simply (I say "simply" as I have no idea how difficult it might be) enhance the Bulk Update block to allow the various "sections" to each have its own security. Here's what I mean:

This is probably harder than I'm making it look, because those are (I assume) just simple accordions hiding/showing the controls and there really aren't any "categories", but I'm hoping the block could be enhanced in this way. It would at least allow us to control which roles have access to certain sections/categories, and it would NOT involve some crazy rights inheritance evaluation to check the Edit Record/Connection Status properties.

Submitted by Jim Michael, The Crossing · CRM