[Koha-bugs] [Bug 12793] New: Breaking up IndependentBranches syspref to support finer staff permissions granularity

bugzilla-daemon at bugs.koha-community.org
Wed Aug 20 18:22:21 CEST 2014


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12793

            Bug ID: 12793
           Summary: Breaking up IndependentBranches syspref to support
                    finer staff permissions granularity
 Change sponsored?: Seeking cosponsors
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: gmcharlt at gmail.com
          Reporter: jsasse at plumcreeklibrary.net
        QA Contact: testopia at bugs.koha-community.org
                CC: kyle at bywatersolutions.com, nick at quecheelibrary.org

Currently, if the IndependentBranches system preference is turned off, all
staff regardless of library location have access to edit/delete items and
patrons belonging to other libraries. Also, if you allow staff access to the
calendar and notices & slips tools, they have access to all libraries'
calendars and notices. There's too much potential for misuse here, either
intentional or unintentional. 

Another serious permissions issue is the ability of any staff member to change
their library location at will. Staff should not be able to change their
library location unless explicitly given that permission. There's too much
potential here for misuse as well, either intentional or unintentional.

Simply put, library staff should only have the permissions required to perform
their job duties, nothing more. Koha currently gives staff far too many
permissions, particularly with regard to items and settings belonging to other
libraries.

The IndependentBranches syspref is far too restrictive to be useful for
resource sharing consortia. It needs to be broken down for more granular
control. For example, library staff in my consortium need to be able to edit
patron info because many patrons use multiple libraries but they should not be
able to edit items belonging to another library, including using the batch
modification tool. 

My suggestions as a starting point would be to consider the following global
system preferences under Administration:

Library staff may edit items belonging to other libraries (yes/no)
Library staff may edit patrons belonging to other libraries (yes/no)
Library staff may cancel holds of patrons belonging to other libraries (yes/no)
Library staff may change their location (yes/no)
Library staff may edit (only their own/all) notices
Library staff may edit (only their own/all) calendars

This assumes that the staff member is given the appropriate individual
permissions under borrowers, reserveforothers, editcatalogue and tools sections.
I'm sure there are better ways to accomplish the permissions goals than the
above; they are just suggestions to get the ball rolling.
