https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37228 Bug ID: 37228 Summary: API endpoint to set password for patron requires full borrowers permission, but should only require 'edit_borrowers' Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: emily.lamancusa@montgomerycountymd.gov CC: tomascohen@gmail.com On the staff side, a user with only edit_borrowers permission can change the password on a patron account. That should be sufficient for changing the password via API as well. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.