A quick glance at the code seems to support your general theory.  I don’t see 
any references to CREATE_VOLUME or CREATE_COPY in the perl code (except in the 
serials code), but I see several references to UPDATE_VOLUME and UPDATE_COPY.  
I’ll add some initial details to the LaunchPad bug, in hopes that someone else 
can take it further.


Remington Steed
Electronic Resources Specialist
Hekman Library, Calvin University

From: Open-ils-general <> On 
Behalf Of Aubrey Area Library
Sent: Tuesday, November 19, 2019 7:48 PM
To: Evergreen Discussion Group <>
Subject: Re: [OPEN-ILS-GENERAL] Create item/call# records without permissions

Hey April,

Our consortium is currently in the process of overhauling our permissions as 
well, using yall as a base.

After looking over it, I wonder if the UPDATE_COPY permission might the the 
culprit here. It is the only permission in the Circulator group that looks like 
it may be the cause outside of a bug. Unfortunately we haven't got as far as 
setting up new groups for testing. Give it a shot and let me know as this is 
definitely something to know since we are in a similar boat with similar goals.

Jordan Woodard
Aubrey Area Library

On Tue, Nov 19, 2019 at 12:53 PM Durrence, April 
<<>> wrote:
Hi all,

I wanted to ask for feedback on an issue we recently uncovered. We recently 
upgraded from Evergreen 3.1 to 3.3 and implemented a complete revamp of our 
permission structure to include a strict requirement that anyone who 
creates/deletes items or bibs must pass cataloging assessments. However, we 
have found that staff can create new volume/call# and item records with only 
the permissions granted to Circulator, which do not include CREATE_VOLUME or 
CREATE_COPY. These should be the permissions checked before Evergreen permits a 
user to create a new item or call# record, right? I don't see any other 
permissions that should supersede those, but am I missing something?

I created a bug with links to our permissions list and examples from two 
different test databases (running 3.1 and 3.3) where I was able to create new 
holdings without having CREATE_VOLUME or CREATE_COPY permissions:<>

Any testing/feedback/confirmation that anyone is willing to provide would be 
most welcome.



April Durrence
NC Cardinal Training Specialist
NC Dept. of Natural and Cultural Resources
919.814.6794 |<>
109 East Jones Street | 4640 Mail Service Center
Raleigh, North Carolina 27699-4600
[A close up of a logo  Description automatically generated]
Email correspondence to and from this address is subject to the North Carolina 
Public Records Law and may be disclosed to third parties.


If you need further assistance, please contact the library at 940-365-9162 or 
send a reply email.
Thank You, The Library Staff

226 Countryside Dr., Aubrey, TX 76227

Reply via email to