https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37144
--- Comment #32 from Laura Escamilla <[email protected]> --- Hi David, Thank you for your feedback. I understand your concern about how the new subpermission fits with existing permissions such as "list_borrowers." Here’s a more detailed explanation of how the new subpermission would work in practice and its relationship to current permissions: Currently, Koha does not offer granular control over sensitive patron information. This gap is particularly critical in environments such as correctional facilities, where there is a need to ensure that sensitive inmate information (like addresses) is not accessible to unauthorized users, such as volunteers who might assist with library operations but should not have access to personal data. The new subpermission I’m suggesting would be a refinement to control access specifically to sensitive patron information within the broader "list_borrowers" permission. Here's how it would function: 1. Granular Access Control: * "list_borrowers" Permission: Allows a user to see a list of all patrons in the system, including their basic information. * New Subpermission: Would be an additional layer that allows or restricts access to sensitive details (e.g., addresses, phone numbers) on a per-user basis. 2. Use Case Example: * Library Staff with Full Access: Users with full access (including the new subpermission) would be able to view and manage all patron details, including sensitive information. * Volunteers with Limited Access: Volunteers or other non-staff users would have the "list_borrowers" permission but would be restricted by the new subpermission from seeing sensitive information like addresses. 3. Implementation: * Separate Controls: The subpermission would be a toggle or separate setting within the permissions system, providing a more nuanced control over which users can see specific types of patron information. * Access Scenarios: For instance, a volunteer might need to see the list of patrons to check out books but should not be able to see the home addresses of the patrons. Practical Benefits: * Enhanced Privacy: Protects sensitive information from being exposed to unauthorized users. * Compliance: Helps in meeting privacy requirements and regulations specific to sensitive environments like correctional facilities. * Flexibility: Provides libraries with the flexibility to tailor access controls to their specific needs and user roles. In summary, the new subpermission would integrate with existing permissions by adding a layer of control over access to sensitive data, thus bridging the privacy gap without undermining the functionality of broader permissions like "list_borrowers." I hope this clarifies how the new subpermission complements and enhances the existing permission structure. Please let me know if you need further details or have additional questions. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
