Pending patron records are not scoped to owning org unit
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Evergreen | New | Undecided | Unassigned | |
Bug Description
We are on Evergreen 3.9.0.
BCLC officially supports Chrome for Sitka's Evergreen.
The bug is that you can load other libraries' pending patrons, and see and edit all their info. The expected workflow is that only your org unit's pending patrons are available for viewing and editing.
Currently staff can view all pending patrons across the organizational tree, and can edit the home library and make the patron theirs, or create and save a patron with another library as the home library.
Sitka's privacy opt-in is triggered in our production environment if you create a patron for another org unit and attempt to save it.
We would prefer that staff not be able to view and/or access or edit other libraries' patrons at all, rather than trigger an opt-in.
We consider this a privacy issue.
tags: added: circulation patron
tags: added: privacy