https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523 --- Comment #163 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Regarding permissions.. So long as your user does not have 'view_borrower_infos_from_any_libraries' permission and they're not in a library group with other libraries and permission to view users within the group.. said user should receive a redacted copy of any user who resides in another library than their own when fetching them from the API via a search or an embed. (I believe we still return a 404 should they try to retrieve such a borrower directly however..?) So.. in short.. create a user (patron A) in one library with the catalogue permission only. Create some other patrons in other libraries. Test the API using patron A for login and confirm that your other patrons are returned in a redacted form (with most fields set to 'null' in the json response). -- You are receiving this mail because: You are watching all bug changes.