Uploaded image for project: 'Islandora'
  1. Islandora
  2. ISLANDORA-1834

Separate management permissions for CModels

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Fix Version/s: None
    • Labels:
      None

      Description

      Content models are treated no differently from objects, and their pages and management interface are the same. Furthermore, any user with the "Manage Islandora objects" permission can also manage (and delete) content models.

      This can lead to accidents, such as a user with permission to manage repository objects attempting to delete a collection, and accidentally deleting the Collection Content Model. (This happened yesterday to http://arcabc.ca.)

      While this kind of accident can be prevented (by applying a XACML policy to each individual CModel object), Islandora administrators would not expect that they need to do this - and such policies should exist out of the box.

      Suggesting finer-grained Drupal permissions, to determine which roles may modify objects that have the Content Model content model.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              brandonw Brandon Weigel
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: