Topics

moderated Database Permissions Not Working Per Owner's Manual? #bug


Jim Wilson
 

Duane, I read the Owner's Manual at https://groups.io/helpcenter/ownersmanual/1/customizing-settings-for-premium-and-enterprise-features/database?single=true and assumed that was the limit of permissions assignment capability. I never saw the permissions within the table and didn't know they existed.

I would ask Mark to have Nina change that section of the Owner's Manual to include and highlight the further permissions capabilities within a table.
--
Jim


Duane
 

On Fri, Dec 18, 2020 at 04:30 AM, Duane wrote:
There are several settings that can be changed when a database is created to control edits and such
More detail at https://groups.io/g/GroupManagersForum/wiki/690#Create-New-Table---Heading  The default for View Table, Edit Table, Add Rows, and Edit Rows is Member, so anyone could change things.  The setting on the Settings page only controls who can create tables/databases.

Duane


Duane
 

On Thu, Dec 17, 2020 at 10:04 PM, Jim Wilson wrote:
We have always had Admin > Settings > Features > Database > Permissions set as "Members can view, moderators can create tables" which, in the manual, states that this applies to modifications, as well. This is not happening.
You may not have the proper permissions set within the database itself.  There are several settings that can be changed when a database is created to control edits and such, https://groups.io/helpcenter/membersmanual/1/working-with-databases/creating-a-database-table

Duane


Jim Wilson
 

I am seeing an issue that runs contrary to the Owner's Manual description of permissions.

We have a large database in our group with more than 4K entries. I have just realized a regular non-moderator member has been modifying entries for quite a while now. Not that the person was "unauthorized" but they should not have been able to change anything.

We have always had Admin > Settings > Features > Database > Permissions set as "Members can view, moderators can create tables" which, in the manual, states that this applies to modifications, as well. This is not happening. An even larger issue (and much more alarming) is that any regular member is also allowed to modify the table structure as well as delete the entire table! I have just tested this with my test group. This is a real problem!

As this issue is addressed, please consider how users could be assigned "modify" permissions without the need to make them a moderator. I also believe "delete" should be reserved to owners only or specified as a separate permission.
--
Jim