Jennifer, Are you assigning a *Secondary Permission Group* to the user? Or are you editing the *Main (Profile) Permission Group*? If it's a secondary, you may be running into this bug:
https://bugs.launchpad.net/evergreen/+bug/1480432 If this is your issue, you can try setting your new permission group as the user's main profile. Hope this is helpful, Michele -- Michele M. Morgan, Technical Support Analyst North of Boston Library Exchange, Danvers Massachusetts mmor...@noblenet.org On Mon, Apr 24, 2017 at 4:26 PM, Walz, Jennifer <jlw...@asbury.edu> wrote: > Chris, > > > > Thanks for that information. Currently we have the permission groups set > up in a pretty flat tree: > > > > Staff > > - ACQ > > - Cat > > - Circ > > - Cat admin > > - Circ admin > > - Tech workers > > - ILL > > - Etc > > > > There are no further levels. > > > > I was trying to create another one on the same level as the two Acq and > Cat, but combined. So, I was not going down another level. > > > > And it looks to me like maybe they were ALL inheriting something from > the staff level. So, I will check that first. But regardless of whatever > is set at the cat, acq, tech workers, etc level, every single one of those > users has the individual user permission set lower still. > > > > Here is what I am seeing. At the permission group editor – in the group > permissions tab – I set the “update_volume” to the consortium level. But > when I go to the user account that has been assigned to that permission > group, their individual user permission for “update_volume” is at the > branch. And I cannot change it or remove it at the user level. It > remains always at the branch. > > > > I will look into the server permissions table. Could be something is > corrupted there. > > > > Thanks! > > > > Jennifer > > > > *From:* Open-ils-general [mailto:open-ils-general- > boun...@list.georgialibraries.org] *On Behalf Of *Chris Sharp > *Sent:* Monday, April 24, 2017 4:14 PM > *To:* Evergreen Discussion Group > *Subject:* Re: [OPEN-ILS-GENERAL] Problem with update_volume permissions > > > > Jennifer, > > Permissions are inherited. Here's a sample permissions tree: > > Staff > > - Catalogers > > - AcqCataloger > > - (individual user with the 'AcqCataloger' profile) > > Permissions can get assigned at any level in the tree, but if the > permission is assigned at more than one level, the "lower down the tree" > (towards the individual user) assignments override those assigned "higher > up the tree" (towards "Staff"). For example, it sounds like the users > being "downgraded" have the UPDATE_VOLUME permission assigned to them at > the individual user level at a depth that is too low. Since it's > impossible to tell from the User Permission Editor interface what's what, > you might need the assistance of systems staff with database access to do > some cleanup. The relevant table for user-assigned permissions is > permission.usr_perm_map. > > By the way, in PINES we have tried to get away from assigning too many > permissions at the individual user level, and the situation you're in is > one of the reasons. > > I'll also share a tool we have that will show a profiles combined > permissions (again, someone with database access would need to run it): > http://git.evergreen-ils.org/?p=contrib/pines.git;a=blob;f= > helper-scripts/get_combined_perms_per_profile.sh;h= > 0c0b5f80c01fe417638cde2a02cb799f7c71fb46;hb=HEAD > > Once the script is created, it can be evoked with the permission group's > name (e.g. "./get_combined_perms_per_profile AcqCataloger" to use the > above example). That might help you sort things out. > > Hope that's helpful! > > Chris > > > > On Mon, Apr 24, 2017 at 2:51 PM, Walz, Jennifer <jlw...@asbury.edu> wrote: > > All – > > > > We have set up a new permission group where we would like to combine the > functions / permissions of the acquisitions and cataloging all into one. > So, I created a new permissions group, and added all the permissions to > that new group that looked like it dealt with both acq and cat functions. > Then I assigned a new staff patron login to that permission group. > > > > Here is where we are running into a problem. NO MATTER what depth I have > assigned at the permission group level for the ‘update_volume’ permission, > it keeps getting ‘downgraded’ to the lowest depth at the user permission > level. What is going on? What am I missing? This new staff person > cannot make changes beyond the branch depth. Why? > > > > What other factors affect the ‘update_volume’ permissions? Are there > some other permissions that work in tandem? > > > > BTW, I have already authorized this patron account to have working > locations for the OU across the consortium / system / library depths. > > > > Thanks! > > > > Jennifer > > -------------------------------------------------- > Jennifer Walz, MLS - Head of ILS permissions > Kinlaw Library - Asbury University > 1 Macklem Drive, Wilmore, KY 40390 > 859-858-3511 ext. 2269 <(859)%20858-3511> > jlw...@asbury.edu > > > > > > > -- > > Chris Sharp > > PINES System Administrator > > Georgia Public Library Service > > 1800 Century Place, Suite 150 > > Atlanta, Georgia 30345 > (404) 235-7147 >