- Article Type: General
- Product: Aleph
- Product Version: 20
If you bring up a bib record that has an OWN different from the OWN of the signed in user, you should not be allowed to change or delete the record. If you push the record back to the server or click on "Delete Record from Server" the user is blocked from doing the requested action.
BUT, if the user clicks on "Total Delete" under the "Record Manager" tab, the Total Delete proceeds without checking to see if the OWN of the bib matches the OWN of the logged in user. This is a serious hole in record protection on consortium servers.
v20 rep_change 3297
v21 rep_ver 17088
- Article last edited: 10/8/2013