[Koha-bugs] [Bug 23108] staffaccess permission can be easily circumvented
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jun 20 02:34:39 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23108
Jonathan Druart <jonathan.druart at bugs.koha-community.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jonathan.druart at bugs.koha-c
| |ommunity.org
--- Comment #1 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Andrew from comment #0)
> BUT: A user without the staffaccess permission can simply change a Staff
> user to a new non-staff patron category and then make changes to permissions
> and/or password.
Hi Andrew, are you aware of the pref ProtectSuperlibrarianPrivileges?
With the pref turned on (default) what you describe should not be allowed.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list