Inappropriate Permissions

Discussions about the Directory Tool on lds.org. Questions about the Directory on the classic site should be posted in the LUWS forum.
User avatar
AileneRHerrick
Member
Posts: 299
Joined: Mon Dec 08, 2008 2:33 pm
Location: Moses Lake, Washington, United States

Inappropriate Permissions

Postby AileneRHerrick » Sun Apr 21, 2013 6:05 pm

Just today, I noticed that I had the option of showing the record number of anyone in the directory. I am the ward website administrator, but I am not a clerk. It doesn't seem like I should be able to view such sensitive information. Just want to make developers aware!

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Re: Inappropriate Permissions

Postby jdlessley » Sun Apr 21, 2013 6:37 pm

I noticed the same thing and made an inquiry In the Directory 2.1 Update Released thread as to what constitutes a unit leader. I guess when there is a response in that thread then we may know who is intended to see the MRN. I welcome this capability to view the MRN to assist members with LDS Account registration or issues. If it was unintended then it will disappear once they recognize who has the permissions to see this.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
AileneRHerrick
Member
Posts: 299
Joined: Mon Dec 08, 2008 2:33 pm
Location: Moses Lake, Washington, United States

Re: Inappropriate Permissions

Postby AileneRHerrick » Sun Apr 21, 2013 6:44 pm

jdlessley wrote:I welcome this capability to view the MRN to assist members with LDS Account registration or issues.


I thought of that too. That would be handy.

However, since the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk), I figured they would also not allow me to view more sensitive information.

mevans
Senior Member
Posts: 1280
Joined: Tue May 22, 2012 12:52 pm
Location: California, USA

Re: Inappropriate Permissions

Postby mevans » Mon Apr 22, 2013 2:07 pm

AileneRHerrick wrote:However, since the developers have elected not to give me...


It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what. Generally, we get no explanations of decisions that are made. Occasionally we get some glimpses of what goes on internally. At the end of the day, someone has to make a decision about what they want the developers to create, and most likely everyone internally isn't happy with every decision.

It's not that dissimilar to the patterns you see with other software companies. Some are more open with their decision making process, but many are not, and as a user of a product or service you may be left wondering why a company chose to do something the way they did.

russellhltn
Community Administrator
Posts: 20734
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Inappropriate Permissions

Postby russellhltn » Mon Apr 22, 2013 2:36 pm

mevans wrote:It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what.


No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".

Given the potential security issue, I've emailed a Directory contact.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
AileneRHerrick
Member
Posts: 299
Joined: Mon Dec 08, 2008 2:33 pm
Location: Moses Lake, Washington, United States

Re: Inappropriate Permissions

Postby AileneRHerrick » Mon Apr 22, 2013 2:44 pm

russellhltn wrote:No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".


That's what I'm saying. I'm not saying a decision was made and that I disagree with it. I'm saying that I think when they were programming, a mistake was probably made that gave me access to information that I'm probably not intended to have access to. If this is indeed the case, then it would need to be remedied as soon as possible.

Is this the right place to post this where the right people will see it?

russellhltn
Community Administrator
Posts: 20734
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Inappropriate Permissions

Postby russellhltn » Mon Apr 22, 2013 2:47 pm

I've sent off an email with my last post. We'll see what kind of response we get.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: Inappropriate Permissions

Postby aebrown » Mon Apr 22, 2013 2:49 pm

russellhltn wrote:
mevans wrote:It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what.


No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".

The particular issue that mevans raised is most definitely not a bug. He was responding to "the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk)." We have abundant evidence that this was a specific choice.

The issue mentioned in the original post (where a non-clerk website administrator has "the option of showing the record number of anyone in the directory) is a different question. I would tend to agree that this was an oversight in applying permissions to this new feature, and thus is a bug.

User avatar
AileneRHerrick
Member
Posts: 299
Joined: Mon Dec 08, 2008 2:33 pm
Location: Moses Lake, Washington, United States

Re: Inappropriate Permissions

Postby AileneRHerrick » Mon Apr 22, 2013 5:00 pm

aebrown wrote:The particular issue that mevans raised is most definitely not a bug. He was responding to "the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk)."


Whoops, now I see that! Thanks for clarifying. And in response to that... I know, but I guess I consider the men with the priesthood authority to be part of the developers, even though they're not doing the actual programming. I guess that's why I misunderstood the response.

Anyway... I guess I can consider the "bug" reported. :cool:

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: Inappropriate Permissions

Postby johnshaw » Mon Apr 22, 2013 5:50 pm

I have a hard time believing that the 'priesthood leaders' are actually making the assignment, but rather giving general direction to allow appropriate access to the appropriate individuals based on their callings and handbook assignments. When a question arises that might be ambiguous, I can see that going up for a decision. The current https://leader.lds.org grants access to Stake Executive Secretaries access to Clerk areas of responsibilities, according to tradition, assignment and the handbook. However, I can see where some in the department might say, well in my stake the ExecSec does that and it gets written into code because nobody else has that experience.

The reason I believe this is that it takes very little time during the beta cycles to make changes like that as we notice them as a community, however, after something goes live.... it takes a very long time, in fact, programmers would avoid going back to make changes by providing interesting justifications for why it's there rather than run it up the chain... Those decisions take a long time.

Again, by way of observation and deduction only... the above may not reflect reality at all.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense


Return to “Directory”

Who is online

Users browsing this forum: No registered users and 1 guest