[Koha-bugs] [Bug 12793] New: Breaking up IndependentBranches syspref to support finer staff permissions granularity
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Aug 20 18:22:21 CEST 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12793
Bug ID: 12793
Summary: Breaking up IndependentBranches syspref to support
finer staff permissions granularity
Change sponsored?: Seeking cosponsors
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: gmcharlt at gmail.com
Reporter: jsasse at plumcreeklibrary.net
QA Contact: testopia at bugs.koha-community.org
CC: kyle at bywatersolutions.com, nick at quecheelibrary.org
Currently, if the IndependentBranches system preference is turned off, all
staff regardless of library location have access to edit/delete items and
patrons belonging to other libraries. Also, if you allow staff access to the
calendar and notices & slips tools, they have access to all libraries'
calendars and notices. There's too much potential for misuse here, either
intentional or unintentional.
Another serious permissions issue is the ability of any staff member to change
their library location at will. Staff should not be able to change their
library location unless explicitly given that permission. There's too much
potential here for misuse as well, either intentional or unintentional.
Simply put, library staff should only have the permissions required to perform
their job duties, nothing more. Koha currently gives staff far too many
permissions, particularly with regard to items and settings belonging to other
libraries.
The IndependentBranches syspref is far too restrictive to be useful for
resource sharing consortia. It needs to be broken down for more granular
control. For example, library staff in my consortium need to be able to edit
patron info because many patrons use multiple libraries but they should not be
able to edit items belonging to another library, including using the batch
modification tool.
My suggestions as a starting point would be to consider the following global
system preferences under Administration:
Library staff may edit items belonging to other libraries (yes/no)
Library staff may edit patrons belonging to other libraries (yes/no)
Library staff may cancel holds of patrons belonging to other library (yes/no)
Library staff may change their location (yes/no)
Library staff may edit (only their own/all) notices
Library staff may edit (only their own/all) calendars
This assumes that the staff member is given the appropriate individual
permissions under borowers, reserveforothers, editcatalogue and tools sections.
I'm sure there are better ways to accomplish the permissions goals than the
above; they are just suggestions to get the ball rolling.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list