[Dspace-general] unexpected access to administrator powers
Patricia Galloway
galloway at ischool.utexas.edu
Mon Mar 16 18:32:27 EDT 2009
We have been running a DSpace instance since the spring of 2003,
upgrading through 1.2. 1.3, and 1.4, and now to 1.5. Early on we managed
communities by creating groups to manage them, and assigned Write,
Delete (originally), Remove, and Add authorizations to groups on
communities. Which meant that those groups could make subcommunities and
collections but could do little else. Alas this is apparently no longer
true. When someone in one of those groups then goes to one of the
subcommunities and/or collections for which that group has those
authorizations, that person will see an "Edit" button on the upper
right. Still okay and what you would expect, but: when the person clicks
on the edit button, the whole administrator navigation bar opens up on
the left and is functional, in effect granting the person full
administrative control through the GUI. I tried setting up a new group
and set of permissions like this on a community that did not have them,
and got the same results. Has anyone else seen this? Has this been reported?
Pat Galloway
School of Information
University of Texas at Austin
More information about the Dspace-general
mailing list