Hi All, While looking at the release notes for 3.14, under item 12.1.8 Reports - Security Enhancements, the notes mention that report output visibility is optional but after upgrading locally, it became required. I'm unsure if this is because we updated our config files to the specs that the community base code offers in the config examples. Can anyone shed light into where this change is specifically/how to "turn it off"?
Would it be the "Require valid-user" bit within the VIEW_REPORT_OUTPUT portion in eg_vhost or something with that section? Thanks! https://evergreen-ils.org/documentation/release/RELEASE_NOTES_3_14.html "In addition to report content security restrictions, report output visibility is now, optionally, restricted based on whether the accessing user either owns the report output, or they have at least the VIEW_REPORT_OUTPUT permission at a location to which the folder in which the output lives has been shared. Administrators can add additional required permissions via the OILSProxyPermissions Apache configuration value in the report output <Location> section of the eg_vhost configuration file." -- Gina Monti (she/her) Evergreen Systems Manager Bibliomation, Inc. (203) 577-4070 ext. 109 English, American Sign Language
_______________________________________________ Evergreen-general mailing list -- [email protected] To unsubscribe send an email to [email protected]
