Evergreen

Create a new ADMIN_EDI permission

Bug #1916642 reported by Tiffany Little
40
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Evergreen
Confirmed
Wishlist
Unassigned

Bug Description

Wishlist.

EDI account viewing and management are currently governed by the ADMIN_PROVIDER permission. This should be split off into its own permission, since EDI accounts contain login information that might not need to be as widely shared as the ability to create/manage providers.

Example: I might want my regional libraries to create their own providers, but I don't necessarily want them creating or viewing EDI account information.

An ADMIN_EDI permission could also govern deleting EDI messages. Right now there is a button in the autogenerated EDI Messages interface to delete EDI messages, which happens with no perm check (see bug 1863154). Having the ability to delete EDI messages *might* not be a bad thing, since that could possibly function as a "resend order" option (see bug 1218423). But I'd 100% want that to be governed by a perm.

Tiffany Little (tslittle)
Changed in evergreen:
importance: Undecided → Wishlist
Jennifer Pringle (jpringle-u)
Changed in evergreen:
status: New → Confirmed
Tiffany Little (tslittle)
tags: added: acq-admin acq-edi
Revision history for this message
Ruth Frasur Davis (redavis) wrote :

I agree that ADMIN_EDI should be split out from ADMIN_PROVIDER, and am also in agreement that the ability to delete EDI messages on the staff side (rather than server side) should be implemented and also have its own permission.

Revision history for this message
Tiffany Little (tslittle) wrote (last edit ):

Discussion in the last AIG meeting also makes me wonder--should this be split further? Something like VIEW_EDI (I can see but not edit), ADMIN_EDI (adding/modifying EDI accounts), and DELETE_EDI_MESSAGES(?) to delete the messages and resend PO's? Are there staff who should be able to see EDI stuff but not touch it?

Revision history for this message
Jennifer Pringle (jpringle-u) wrote :

+1 to splitting the perms further as described.

I think there will be staff who should be able to see EDI messages but not delete them.

Revision history for this message
Ruth Frasur Davis (redavis) wrote :

+1 as well. Agreeing with both of the comments that there are definitely more staff that should be able to see EDI messages than should be able to delete them.

Revision history for this message
Christine Morgan (cmorgan-z) wrote :

+1 to splitting the perms further as described.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.