wishlist: Reports security improvements
Bug #2043142 reported by
Andrea Neiman
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
New
|
Wishlist
|
Unassigned |
Bug Description
This work is funded by BC Libraries Cooperative.
Equinox is making improvements to the Evergreen Reports interfaces to protect personally identifying information with more granular reports access permissions and support of opt-in restrictions.
Improvements include:
* SQL-level restrictions and/or redactions on specific sources and output columns
* Scoping of VIEW_REPORT_OUTPUT permission based on folder ownership and sharing configuration
* A fix for private security bug 1917821
Full specifications are here:
https:/
To post a comment you must log in.
Good morning -
The document https:/ /yeti.equinoxol i.org/dev/ public/ techspecs/ repsec. pdf
mentions
patron opt-in several times.
1. How will patrons opt-in? During the registration process? Will a field
be added to that page and to the My Account page on the OPAC?
2. Will staff not be able to override patron options when running reports?
Example - If a patron returns an expensive resource such as a Chromebook
after the device has been deleted from the catalog, we are currently able
to run a Circulation List report to find the patron who last had the item.
If the patron opts-in to blocking circ history, we won't be able to find
Last Circulation information.
Thank you.
Diane Disbro
Pronouns: she/her
Circulation Coordinator
Scenic Regional Library
251 Union Plaza Drive
Union, MO 63084
(636) 583-0652 ext 110
<email address hidden>
On Thu, Nov 9, 2023 at 3:50 PM Andrea Neiman <email address hidden>
wrote:
> Public bug reported: /yeti.equinoxol i.org/dev/ public/ techspecs/ repsec. pdf /bugs.launchpad .net/bugs/ 2043142 /yeti.equinoxol i.org/dev/ public/ techspecs/ repsec. pdf /bugs.launchpad .net/evergreen/ +bug/2043142/ +subscriptions
>
> This work is funded by BC Libraries Cooperative.
>
> Equinox is making improvements to the Evergreen Reports interfaces to
> protect personally identifying information with more granular reports
> access permissions and support of opt-in restrictions.
>
> Improvements include:
> * SQL-level restrictions and/or redactions on specific sources and output
> columns
> * Scoping of VIEW_REPORT_OUTPUT permission based on folder ownership and
> sharing configuration
> * A fix for private security bug 1917821
>
> Full specifications are here:
> https:/
>
> ** Affects: evergreen
> Importance: Wishlist
> Assignee: Mike Rylander (mrylander)
> Status: New
>
>
> ** Tags: reports
>
> --
> You received this bug notification because you are subscribed to
> Evergreen.
> Matching subscriptions: EV bug mail
> https:/
>
> Title:
> wishlist: Reports security improvements
>
> Status in Evergreen:
> New
>
> Bug description:
> This work is funded by BC Libraries Cooperative.
>
> Equinox is making improvements to the Evergreen Reports interfaces to
> protect personally identifying information with more granular reports
> access permissions and support of opt-in restrictions.
>
> Improvements include:
> * SQL-level restrictions and/or redactions on specific sources and
> output columns
> * Scoping of VIEW_REPORT_OUTPUT permission based on folder ownership
> and sharing configuration
> * A fix for private security bug 1917821
>
> Full specifications are here:
> https:/
>
> To manage notifications about this bug go to:
> https:/
>
>