Thanks for that information.   Currently we have the permission groups set up 
in a pretty flat tree:


-        ACQ

-        Cat

-        Circ

-        Cat admin

-        Circ admin

-        Tech workers

-        ILL

-        Etc

  There are no further levels.

   I was trying to create another one on the same level as the two Acq and Cat, 
but combined.  So, I was not going down another level.

  And it looks to me like maybe they were ALL inheriting something from the 
staff level.  So, I will check that first.   But regardless of whatever is set 
at the cat, acq, tech workers, etc level, every single one of those users has  
the individual user permission set lower still.

Here is what I am seeing.   At the permission group editor – in the group 
permissions tab – I set the “update_volume” to the consortium level.   But when 
I go to the user account that has been assigned to that permission group, their 
individual user permission for “update_volume” is at the branch.   And I cannot 
change it or remove it at the user level.  It remains always at the branch.

  I will look into the server permissions table.  Could be something is 
corrupted there.



From: Open-ils-general 
[] On Behalf Of Chris 
Sent: Monday, April 24, 2017 4:14 PM
To: Evergreen Discussion Group
Subject: Re: [OPEN-ILS-GENERAL] Problem with update_volume permissions

Permissions are inherited.  Here's a sample permissions tree:
     - Catalogers
          - AcqCataloger
               - (individual user with the 'AcqCataloger' profile)
Permissions can get assigned at any level in the tree, but if the permission is 
assigned at more than one level, the "lower down the tree" (towards the 
individual user) assignments override those assigned "higher up the tree" 
(towards "Staff").  For example, it sounds like the users being "downgraded" 
have the UPDATE_VOLUME permission assigned to them at the individual user level 
at a depth that is too low.  Since it's impossible to tell from the User 
Permission Editor interface what's what, you might need the assistance of 
systems staff with database access to do some cleanup.  The relevant table for 
user-assigned permissions is permission.usr_perm_map.
By the way, in PINES we have tried to get away from assigning too many 
permissions at the individual user level, and the situation you're in is one of 
the reasons.
I'll also share a tool we have that will show a profiles combined permissions 
(again, someone with database access would need to run it):;a=blob;f=helper-scripts/;h=0c0b5f80c01fe417638cde2a02cb799f7c71fb46;hb=HEAD
Once the script is created, it can be evoked with the permission group's name 
(e.g. "./get_combined_perms_per_profile AcqCataloger" to use the above 
example).  That might help you sort things out.
Hope that's helpful!

On Mon, Apr 24, 2017 at 2:51 PM, Walz, Jennifer 
<<>> wrote:
All –

  We have set up a new permission group where we would like to combine the 
functions / permissions of the acquisitions and cataloging all into one.  So, I 
created a new permissions group, and added all the permissions to that new 
group that looked like it dealt with both acq and cat functions.  Then I 
assigned a new staff patron login to that permission group.

Here is where we are running into a problem.  NO MATTER what depth I have 
assigned at the permission group level for the ‘update_volume’ permission, it 
keeps getting ‘downgraded’ to the lowest depth at the user permission level.   
What is going on?  What am I missing?   This new staff person cannot make 
changes beyond the branch depth.  Why?

  What other factors affect the ‘update_volume’ permissions?  Are there some 
other permissions that work in tandem?

  BTW, I have already authorized this patron account to have working locations 
for the OU across the consortium / system / library depths.


Jennifer Walz, MLS - Head of ILS permissions
Kinlaw Library  - Asbury University
1 Macklem Drive, Wilmore, KY 40390
859-858-3511 ext. 2269<tel:(859)%20858-3511><>

Chris Sharp
PINES System Administrator
Georgia Public Library Service
1800 Century Place, Suite 150
Atlanta, Georgia 30345
(404) 235-7147

Reply via email to