Thanks Jordan and Remington for the feedback! I updated the bug<https://bugs.launchpad.net/evergreen/+bug/1853062> to say we do grant UPDATE_VOLUME and UPDATE_COPY to Circulators and we may have to reconsider that choice under the circumstances. This bug gives much food for thought and discussion. We are planning to do a conference proposal to talk about our patron and staff permission changes, so I hope to meet you then, Jordan! 😊
Regards, April April Durrence NC Cardinal Training Specialist NC Dept. of Natural and Cultural Resources 919.814.6794 | april.durre...@ncdcr.gov 109 East Jones Street | 4640 Mail Service Center Raleigh, North Carolina 27699-4600 Facebook<http://www.facebook.com/NorthCarolinaCulture> Twitter<http://www.twitter.com/ncculture> Instagram<http://www.instagram.com/ncculture> YouTube<http://www.youtube.com/ncculture> Website<https://statelibrary.ncdcr.gov/> [A close up of a logo Description automatically generated] Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties. From: Open-ils-general <open-ils-general-boun...@list.georgialibraries.org> On Behalf Of Remington Steed Sent: Wednesday, November 20, 2019 8:43 AM To: Evergreen Discussion Group <open-ils-general@list.georgialibraries.org> Subject: [External] Re: [OPEN-ILS-GENERAL] Create item/call# records without permissions CAUTION: External email. Do not click links or open attachments unless you verify. Send all suspicious email as an attachment to report.s...@nc.gov<mailto:report.s...@nc.gov> Jordan, A quick glance at the code seems to support your general theory. I don’t see any references to CREATE_VOLUME or CREATE_COPY in the perl code (except in the serials code), but I see several references to UPDATE_VOLUME and UPDATE_COPY. I’ll add some initial details to the LaunchPad bug, in hopes that someone else can take it further. Remington -- Remington Steed Electronic Resources Specialist Hekman Library, Calvin University http://library.calvin.edu/ From: Open-ils-general <open-ils-general-boun...@list.georgialibraries.org<mailto:open-ils-general-boun...@list.georgialibraries.org>> On Behalf Of Aubrey Area Library Sent: Tuesday, November 19, 2019 7:48 PM To: Evergreen Discussion Group <open-ils-general@list.georgialibraries.org<mailto:open-ils-general@list.georgialibraries.org>> Subject: Re: [OPEN-ILS-GENERAL] Create item/call# records without permissions Hey April, Our consortium is currently in the process of overhauling our permissions as well, using yall as a base. After looking over it, I wonder if the UPDATE_COPY permission might the the culprit here. It is the only permission in the Circulator group that looks like it may be the cause outside of a bug. Unfortunately we haven't got as far as setting up new groups for testing. Give it a shot and let me know as this is definitely something to know since we are in a similar boat with similar goals. Thanks, Jordan Woodard Aubrey Area Library On Tue, Nov 19, 2019 at 12:53 PM Durrence, April <april.durre...@ncdcr.gov<mailto:april.durre...@ncdcr.gov>> wrote: Hi all, I wanted to ask for feedback on an issue we recently uncovered. We recently upgraded from Evergreen 3.1 to 3.3 and implemented a complete revamp of our permission structure to include a strict requirement that anyone who creates/deletes items or bibs must pass cataloging assessments. However, we have found that staff can create new volume/call# and item records with only the permissions granted to Circulator, which do not include CREATE_VOLUME or CREATE_COPY. These should be the permissions checked before Evergreen permits a user to create a new item or call# record, right? I don't see any other permissions that should supersede those, but am I missing something? I created a bug with links to our permissions list and examples from two different test databases (running 3.1 and 3.3) where I was able to create new holdings without having CREATE_VOLUME or CREATE_COPY permissions: https://bugs.launchpad.net/evergreen/+bug/1853062<https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.launchpad.net_evergreen_-2Bbug_1853062&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=1DAEXsj124YDiDWFGKfS8L6y4A0J-lmY40r1cM9xtJQ&e=> Any testing/feedback/confirmation that anyone is willing to provide would be most welcome. Thanks! April April Durrence NC Cardinal Training Specialist NC Dept. of Natural and Cultural Resources 919.814.6794 | april.durre...@ncdcr.gov<mailto:april.durre...@ncdcr.gov> 109 East Jones Street | 4640 Mail Service Center Raleigh, North Carolina 27699-4600 Facebook<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.facebook.com_NorthCarolinaCulture&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=RS8QEJGHo8CzAGSq2Xvt59KVWDGvO-Q3cnBQn6LgWFE&e=> Twitter<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_ncculture&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=jW_b0sRUIv0hrqIcQLMloBpj6TzyfURl9Y8SLYGs510&e=> Instagram<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.instagram.com_ncculture&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=4UtwEoLm8pv0Ef2xMoNNeTkqBAQTk9Q3DJxfClq874E&e=> YouTube<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.youtube.com_ncculture&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=Vvfh_s38GmqVy9WtwRr-sdxBoPl75e-cMDMc15dNnLQ&e=> Website<https://urldefense.proofpoint.com/v2/url?u=https-3A__statelibrary.ncdcr.gov_&d=DwMFaQ&c=4rZ6NPIETe-LE5i2KBR4rw&r=XMUuJ_zlJ9I1qg9tP7WLhw&m=8hl_Ba67bZH8FiUiAV2KnP4_cX8Ke5fe1Boy_7Z3qTE&s=PE9VFHRKj7d2UUYlHTnJoPbiiuFcCf_BEPGYrsqxQqk&e=> [A close up of a logo Description automatically generated] Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties. -- If you need further assistance, please contact the library at 940-365-9162 or send a reply email. Thank You, The Library Staff 226 Countryside Dr., Aubrey, TX 76227