[OPEN-ILS-GENERAL] Create item/call# records without permissions

Durrence, April april.durrence at ncdcr.gov
Tue Nov 19 13:52:57 EST 2019 

Hi all,

I wanted to ask for feedback on an issue we recently uncovered. We recently upgraded from Evergreen 3.1 to 3.3 and implemented a complete revamp of our permission structure to include a strict requirement that anyone who creates/deletes items or bibs must pass cataloging assessments. However, we have found that staff can create new volume/call# and item records with only the permissions granted to Circulator, which do not include CREATE_VOLUME or CREATE_COPY. These should be the permissions checked before Evergreen permits a user to create a new item or call# record, right? I don't see any other permissions that should supersede those, but am I missing something?

I created a bug with links to our permissions list and examples from two different test databases (running 3.1 and 3.3) where I was able to create new holdings without having CREATE_VOLUME or CREATE_COPY permissions: https://bugs.launchpad.net/evergreen/+bug/1853062

Any testing/feedback/confirmation that anyone is willing to provide would be most welcome.

Thanks!

April

April Durrence
NC Cardinal Training Specialist
NC Dept. of Natural and Cultural Resources
919.814.6794 | april.durrence at ncdcr.gov
109 East Jones Street | 4640 Mail Service Center
Raleigh, North Carolina 27699-4600
Facebook<http://www.facebook.com/NorthCarolinaCulture>  Twitter<http://www.twitter.com/ncculture>  Instagram<http://www.instagram.com/ncculture>  YouTube<http://www.youtube.com/ncculture>  Website<https://statelibrary.ncdcr.gov/>
[A close up of a logo  Description automatically generated]
Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20191119/f704f4d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 49715 bytes
Desc: image001.jpg
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20191119/f704f4d1/attachment-0001.jpg>

More information about the Open-ils-general mailing list