Question

It is possible to modify items via binding functionality without having the staff user right to modify items for the according sublibrary. Can this be avoided?
When a user has the right to modify only items from sublibrary X he is although able to modify items from sublibrary Y when he uses the binding functionality.

Answer

The difference is that the ITEM-PUT permission is checked on the sublibrary level. That's why actions on Sublibrary A are prevented.
However, the GLOBAL-CHANGES permission is NOT checked on the sublibrary level. User XXX has permission for GLOBAL-CHANGES on the library level but denied permission only for Sublibrary A. If you delete the Sublibrary A-level permission and set the entire GLOBAL-CHANGES function to "Denied" for user XXX, you'll be blocked.

You must understand that the GLOBAL-CHANGES permission cannot be sublibrary-sensitive because of it's nature.

Category: Staff privileges/ (500) - ALEPH

Subject: ALEPH - 500

• Article last edited: 7/30/2014