https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32971 Bug ID: 32971 Summary: Access to ERM module requires 'erm' permission and 'vendors_manage' acquisition sub-permission Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: In Discussion Severity: enhancement Priority: P5 - low Component: ERM Assignee: jonathan.druart+koha@gmail.com Reporter: pedro.amorim@ptfs-europe.com CC: jonathan.druart+koha@gmail.com, jonathan.field@ptfs-europe.com, martin.renvoize@ptfs-europe.com, pedro.amorim@ptfs-europe.com, tomascohen@gmail.com Depends on: 32968 To reproduce: - Enable ERMModule - Login as a staff member that only has 2 permissions: -- catalogue (required for staff login) -- erm - Access erm page, check the 403 forbidden error This happens because ERM module is requesting the /api/v1/acquisitions/vendors api endpoint which in turn requires the vendors_manage sub-permission (see acquisitions_vendors.yaml). If you enable the acquisition vendors_manage sub-permission for that user, you're able to confirm that you can now access the ERM module as expected. Ideally, having just the 'erm' permission should be enough to be granted access to ERM. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32968 [Bug 32968] Create granular permissions for ERM -- You are receiving this mail because: You are watching all bug changes.