Item change possible without according staff user rights
- Article Type: Q&A
- Product: Aleph
- Product Version: 21
Question
It is possible to modify items via binding functionality without having the staff user right to modify items for the according sublibrary. Can this be avoided?
When a user has the right to modify only items from sublibrary X he is although able to modify items from sublibrary Y when he uses the binding functionality.
Answer
The difference is that the ITEM-PUT permission is checked on the sublibrary level. That's why actions on Sublibrary A are prevented.
However, the GLOBAL-CHANGES permission is NOT checked on the sublibrary level. User XXX has permission for GLOBAL-CHANGES on the library level but denied permission only for Sublibrary A. If you delete the Sublibrary A-level permission and set the entire GLOBAL-CHANGES function to "Denied" for user XXX, you'll be blocked.
You must understand that the GLOBAL-CHANGES permission cannot be sublibrary-sensitive because of it's nature.
Category: Staff privileges/ (500) - ALEPH
Subject: ALEPH - 500
- Article last edited: 7/30/2014