[OPEN-ILS-GENERAL] Permission Groups

Sharp, Chris csharp at georgialibraries.org
Tue Feb 15 17:21:46 EST 2011


Hey Tim,

> The goal is to prevent library staff from creating, deleting, editing
> network staff accounts and academic patron records. I have listed
> below my setup. However, when I give the permission "
> group_application.user.patron.publics" and remove the permission "
> group_application.user" the user is unable to register any patrons.
> Those accounts with the everything permission can do everything so I'm
> assuming I'm doing something wrong with my permissions.

The "group_application" permissions are to be given to users who create other users and grant permission profiles.  So all staff that you want to be able to create (any kind of) users need to have "group_application.user."  You would then (in addition) give the users who need to grant the "Publics" profile to other users the "group_application.user.patron.publics" permission (they would probably also need the "group_application.user.patron" permission as well for this to work, since this is a hierarchical permissions scheme).

So for staff who you want to be able to grant/edit network staff accounts, you would want to give that group "group_application.user", "group_application.user.staff" and "group_application.user.staff.network" permissions.  For those you want to restrict, just don't give them those permissions.

That's my understanding of how that works.

-- 
Chris Sharp
PINES Program Manager
Georgia Public Library Service
1800 Century Place, Suite 150
Atlanta, Georgia 30345
(404) 235-7147
csharp at georgialibraries.org
http://pines.georgialibraries.org/


More information about the Open-ils-general mailing list