[OPEN-ILS-GENERAL] Problem with update_volume permissions

Mon Apr 24 16:43:30 EDT 2017

Jennifer,

Are you assigning a *Secondary Permission Group* to the user? Or are you
editing the *Main (Profile) Permission Group*? If it's a secondary, you may
be running into this bug:

https://bugs.launchpad.net/evergreen/+bug/1480432

If this is your issue, you can try setting your new permission group as the
user's main profile.

Hope this is helpful,
Michele

--
Michele M. Morgan, Technical Support Analyst
North of Boston Library Exchange, Danvers Massachusetts
mmorgan at noblenet.org

On Mon, Apr 24, 2017 at 4:26 PM, Walz, Jennifer <jlwalz at asbury.edu> wrote:

> Chris,
>
>
>
> Thanks for that information.   Currently we have the permission groups set
> up in a pretty flat tree:
>
>
>
>   Staff
>
> -        ACQ
>
> -        Cat
>
> -        Circ
>
> -        Cat admin
>
> -        Circ admin
>
> -        Tech workers
>
> -        ILL
>
> -        Etc
>
>
>
>   There are no further levels.
>
>
>
>    I was trying to create another one on the same level as the two Acq and
> Cat, but combined.  So, I was not going down another level.
>
>
>
>   And it looks to me like maybe they were ALL inheriting something from
> the staff level.  So, I will check that first.   But regardless of whatever
> is set at the cat, acq, tech workers, etc level, every single one of those
> users has  the individual user permission set lower still.
>
>
>
> Here is what I am seeing.   At the permission group editor – in the group
> permissions tab – I set the “update_volume” to the consortium level.   But
> when I go to the user account that has been assigned to that permission
> group, their individual user permission for “update_volume” is at the
> branch.   And I cannot change it or remove it at the user level.  It
> remains always at the branch.
>
>
>
>   I will look into the server permissions table.  Could be something is
> corrupted there.
>
>
>
> Thanks!
>
>
>
> Jennifer
>
>
>
> *From:* Open-ils-general [mailto:open-ils-general-
> bounces at list.georgialibraries.org] *On Behalf Of *Chris Sharp
> *Sent:* Monday, April 24, 2017 4:14 PM
> *To:* Evergreen Discussion Group
> *Subject:* Re: [OPEN-ILS-GENERAL] Problem with update_volume permissions
>
>
>
> Jennifer,
>
> Permissions are inherited.  Here's a sample permissions tree:
>
> Staff
>
>      - Catalogers
>
>           - AcqCataloger
>
>                - (individual user with the 'AcqCataloger' profile)
>
> Permissions can get assigned at any level in the tree, but if the
> permission is assigned at more than one level, the "lower down the tree"
> (towards the individual user) assignments override those assigned "higher
> up the tree" (towards "Staff").  For example, it sounds like the users
> being "downgraded" have the UPDATE_VOLUME permission assigned to them at
> the individual user level at a depth that is too low.  Since it's
> impossible to tell from the User Permission Editor interface what's what,
> you might need the assistance of systems staff with database access to do
> some cleanup.  The relevant table for user-assigned permissions is
> permission.usr_perm_map.
>
> By the way, in PINES we have tried to get away from assigning too many
> permissions at the individual user level, and the situation you're in is
> one of the reasons.
>
> I'll also share a tool we have that will show a profiles combined
> permissions (again, someone with database access would need to run it):
> http://git.evergreen-ils.org/?p=contrib/pines.git;a=blob;f=
> helper-scripts/get_combined_perms_per_profile.sh;h=
> 0c0b5f80c01fe417638cde2a02cb799f7c71fb46;hb=HEAD
>
> Once the script is created, it can be evoked with the permission group's
> name (e.g. "./get_combined_perms_per_profile AcqCataloger" to use the
> above example).  That might help you sort things out.
>
> Hope that's helpful!
>
> Chris
>
>
>
> On Mon, Apr 24, 2017 at 2:51 PM, Walz, Jennifer <jlwalz at asbury.edu> wrote:
>
> All –
>
>
>
>   We have set up a new permission group where we would like to combine the
> functions / permissions of the acquisitions and cataloging all into one.
> So, I created a new permissions group, and added all the permissions to
> that new group that looked like it dealt with both acq and cat functions.
> Then I assigned a new staff patron login to that permission group.
>
>
>
> Here is where we are running into a problem.  NO MATTER what depth I have
> assigned at the permission group level for the ‘update_volume’ permission,
> it keeps getting ‘downgraded’ to the lowest depth at the user permission
> level.   What is going on?  What am I missing?   This new staff person
> cannot make changes beyond the branch depth.  Why?
>
>
>
>   What other factors affect the ‘update_volume’ permissions?  Are there
> some other permissions that work in tandem?
>
>
>
>   BTW, I have already authorized this patron account to have working
> locations for the OU across the consortium / system / library depths.
>
>
>
>   Thanks!
>
>
>
> Jennifer
>
> --------------------------------------------------
> Jennifer Walz, MLS - Head of ILS permissions
> Kinlaw Library  - Asbury University
> 1 Macklem Drive, Wilmore, KY 40390
> 859-858-3511 ext. 2269 <(859)%20858-3511>
> jlwalz at asbury.edu
>
>
>
>
>
>
> --
>
> Chris Sharp
>
> PINES System Administrator
>
> Georgia Public Library Service
>
> 1800 Century Place, Suite 150
>
> Atlanta, Georgia 30345
> (404) 235-7147
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20170424/465fb0e5/attachment.html>