Inappropriate Permissions
- AileneRHerrick
- Member
- Posts: 299
- Joined: Mon Dec 08, 2008 2:33 pm
- Location: Moses Lake, Washington, United States
Inappropriate Permissions
Just today, I noticed that I had the option of showing the record number of anyone in the directory. I am the ward website administrator, but I am not a clerk. It doesn't seem like I should be able to view such sensitive information. Just want to make developers aware!
-
- Community Moderators
- Posts: 9924
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Re: Inappropriate Permissions
I noticed the same thing and made an inquiry In the Directory 2.1 Update Released thread as to what constitutes a unit leader. I guess when there is a response in that thread then we may know who is intended to see the MRN. I welcome this capability to view the MRN to assist members with LDS Account registration or issues. If it was unintended then it will disappear once they recognize who has the permissions to see this.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
- AileneRHerrick
- Member
- Posts: 299
- Joined: Mon Dec 08, 2008 2:33 pm
- Location: Moses Lake, Washington, United States
Re: Inappropriate Permissions
I thought of that too. That would be handy.jdlessley wrote:I welcome this capability to view the MRN to assist members with LDS Account registration or issues.
However, since the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk), I figured they would also not allow me to view more sensitive information.
-
- Senior Member
- Posts: 2052
- Joined: Tue May 22, 2012 1:52 pm
- Location: California, USA
Re: Inappropriate Permissions
It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what. Generally, we get no explanations of decisions that are made. Occasionally we get some glimpses of what goes on internally. At the end of the day, someone has to make a decision about what they want the developers to create, and most likely everyone internally isn't happy with every decision.AileneRHerrick wrote:However, since the developers have elected not to give me...
It's not that dissimilar to the patterns you see with other software companies. Some are more open with their decision making process, but many are not, and as a user of a product or service you may be left wondering why a company chose to do something the way they did.
-
- Community Administrator
- Posts: 34513
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Inappropriate Permissions
No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".mevans wrote:It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what.
Given the potential security issue, I've emailed a Directory contact.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
- AileneRHerrick
- Member
- Posts: 299
- Joined: Mon Dec 08, 2008 2:33 pm
- Location: Moses Lake, Washington, United States
Re: Inappropriate Permissions
That's what I'm saying. I'm not saying a decision was made and that I disagree with it. I'm saying that I think when they were programming, a mistake was probably made that gave me access to information that I'm probably not intended to have access to. If this is indeed the case, then it would need to be remedied as soon as possible.russellhltn wrote:No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".
Is this the right place to post this where the right people will see it?
-
- Community Administrator
- Posts: 34513
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Inappropriate Permissions
I've sent off an email with my last post. We'll see what kind of response we get.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
Re: Inappropriate Permissions
The particular issue that mevans raised is most definitely not a bug. He was responding to "the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk)." We have abundant evidence that this was a specific choice.russellhltn wrote:No disagreement, but the question is, is this a bug or a decision? My uninformed vote is "bug".mevans wrote:It's not "the developers" who are making such choices. The Priesthood Department decides what we see in these tools, including who has permissions to do what.
The issue mentioned in the original post (where a non-clerk website administrator has "the option of showing the record number of anyone in the directory) is a different question. I would tend to agree that this was an oversight in applying permissions to this new feature, and thus is a bug.
- AileneRHerrick
- Member
- Posts: 299
- Joined: Mon Dec 08, 2008 2:33 pm
- Location: Moses Lake, Washington, United States
Re: Inappropriate Permissions
Whoops, now I see that! Thanks for clarifying. And in response to that... I know, but I guess I consider the men with the priesthood authority to be part of the developers, even though they're not doing the actual programming. I guess that's why I misunderstood the response.aebrown wrote:The particular issue that mevans raised is most definitely not a bug. He was responding to "the developers have elected not to give me the ability to edit email addresses and such things from the directory (since I'm not a clerk)."
Anyway... I guess I can consider the "bug" reported.
- johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
Re: Inappropriate Permissions
I have a hard time believing that the 'priesthood leaders' are actually making the assignment, but rather giving general direction to allow appropriate access to the appropriate individuals based on their callings and handbook assignments. When a question arises that might be ambiguous, I can see that going up for a decision. The current https://leader.lds.org grants access to Stake Executive Secretaries access to Clerk areas of responsibilities, according to tradition, assignment and the handbook. However, I can see where some in the department might say, well in my stake the ExecSec does that and it gets written into code because nobody else has that experience.
The reason I believe this is that it takes very little time during the beta cycles to make changes like that as we notice them as a community, however, after something goes live.... it takes a very long time, in fact, programmers would avoid going back to make changes by providing interesting justifications for why it's there rather than run it up the chain... Those decisions take a long time.
Again, by way of observation and deduction only... the above may not reflect reality at all.
The reason I believe this is that it takes very little time during the beta cycles to make changes like that as we notice them as a community, however, after something goes live.... it takes a very long time, in fact, programmers would avoid going back to make changes by providing interesting justifications for why it's there rather than run it up the chain... Those decisions take a long time.
Again, by way of observation and deduction only... the above may not reflect reality at all.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense
― Thomas Paine, Common Sense