[OPEN-ILS-GENERAL] Problem with update_volume permissions

Chris Sharp csharp at georgialibraries.org
Mon Apr 24 16:13:38 EDT 2017 

Jennifer,

Permissions are inherited.  Here's a sample permissions tree:

Staff
     - Catalogers
          - AcqCataloger
               - (individual user with the 'AcqCataloger' profile)

Permissions can get assigned at any level in the tree, but if the
permission is assigned at more than one level, the "lower down the tree"
(towards the individual user) assignments override those assigned "higher
up the tree" (towards "Staff").  For example, it sounds like the users
being "downgraded" have the UPDATE_VOLUME permission assigned to them at
the individual user level at a depth that is too low.  Since it's
impossible to tell from the User Permission Editor interface what's what,
you might need the assistance of systems staff with database access to do
some cleanup.  The relevant table for user-assigned permissions is
permission.usr_perm_map.

By the way, in PINES we have tried to get away from assigning too many
permissions at the individual user level, and the situation you're in is
one of the reasons.

I'll also share a tool we have that will show a profiles combined
permissions (again, someone with database access would need to run it):
http://git.evergreen-ils.org/?p=contrib/pines.git;a=blob;f=helper-scripts/get_combined_perms_per_profile.sh;h=0c0b5f80c01fe417638cde2a02cb799f7c71fb46;hb=HEAD

Once the script is created, it can be evoked with the permission group's
name (e.g. "./get_combined_perms_per_profile AcqCataloger" to use the above
example).  That might help you sort things out.

Hope that's helpful!

Chris

On Mon, Apr 24, 2017 at 2:51 PM, Walz, Jennifer <jlwalz at asbury.edu> wrote:

> All –
>
>
>
>   We have set up a new permission group where we would like to combine the
> functions / permissions of the acquisitions and cataloging all into one.
> So, I created a new permissions group, and added all the permissions to
> that new group that looked like it dealt with both acq and cat functions.
> Then I assigned a new staff patron login to that permission group.
>
>
>
> Here is where we are running into a problem.  NO MATTER what depth I have
> assigned at the permission group level for the ‘update_volume’ permission,
> it keeps getting ‘downgraded’ to the lowest depth at the user permission
> level.   What is going on?  What am I missing?   This new staff person
> cannot make changes beyond the branch depth.  Why?
>
>
>
>   What other factors affect the ‘update_volume’ permissions?  Are there
> some other permissions that work in tandem?
>
>
>
>   BTW, I have already authorized this patron account to have working
> locations for the OU across the consortium / system / library depths.
>
>
>
>   Thanks!
>
>
>
> Jennifer
>
> --------------------------------------------------
> Jennifer Walz, MLS - Head of ILS permissions
> Kinlaw Library  - Asbury University
> 1 Macklem Drive, Wilmore, KY 40390
> 859-858-3511 ext. 2269 <(859)%20858-3511>
> jlwalz at asbury.edu
>
>
>



-- 
Chris Sharp
PINES System Administrator
Georgia Public Library Service
1800 Century Place, Suite 150
Atlanta, Georgia 30345
(404) 235-7147
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20170424/76c96a65/attachment.html>

More information about the Open-ils-general mailing list