- Article Type: General
- Product: Aleph
- Product Version: 18.01
There are several issues with the upgrade of order-index permissions
in step 1001 of upgrade express 18 -> 19.
1. The list of target ORDER-INDEX permissions is incomplete, containing only
LIST and INDEX-LIST, but not OPAC-LIST, BULK-ORDER, and BULK-ARRIVAL.
As a result, a user who has only ACQ LIST and ACQ INDEX-LIST permissions
in version 18, will end up with ORDER-INDEX GLOBAL permission in version 19,
which is a serious escalation of privileges.
2. Users with INDEX-LIST should probably also get OPAC-LIST, since there
is no corresponding permission in version 18.
3. BULK-ARRIVAL is a very expansive permission, especially since it is
not limited by sub-library. We do not want to assign this permission to anyone
automatically, other sites may or may not agree with this.
We have addressed all of these by adding the following lines to ..../UPGRADE_EXPRESS_1801_1901/source/1001/implement.table:
ACQ ORDER-INDEX INDEX-LIST OPAC-LIST C
NULL ORDER-INDEX BULK-ORDER BULK-ORDER C
NULL ORDER-INDEX BULK-ARRIVAL BULK-ARRIVAL C
Ex LIbris staff are studying this change for possible inclusion in the 18-19 UE kit. In any case, the ..../UPGRADE_EXPRESS_1801_1901/source/1001/implement.table is an unencrypted file which you are able to update locally.
This issue is still open and was escalated to Second line support for further analysis <2010-06-06 01:00:03>.
This issue is still open and was escalated to Development for further investigation <2010-06-13 01:00:01>.
- Article last edited: 10/8/2013