Security checks and Default role for all users

Security checks and Default role for all users

Séverin TERRIER -
Atsakymų skaičius: 3
Documentation writers paveikslėlis Particularly helpful Moodlers paveikslėlis Testers paveikslėlis Translators paveikslėlis

Hi,

From "Site administration > Reports > Security checks", i see a "critical" warning for "Default role for all users" with detail of "The default user role "Authenticated user" is incorrectly defined!".

But when i check, it's well the good role that is defined! And i've tried to reset it (and other default roles) to default permissions with no positive change liūdnas

I can see this problem on my main Moodle plateform (3.7.6), on another one (3.8.2), and even on Moodle 3.9 QA, and other people see the same thing.

So i think it's a bug in this check! I've seen MDL-50613 (closed), which means this should not indicate "critical" warning.

What do others think?

Séverin

PS : for french reading people, you can look at this french discussion about this problem.

Pažymių vidurkis: -
Atsakymas į Séverin TERRIER

Re: Security checks and Default role for all users

Nicolas Martignoni -
Core developers paveikslėlis Documentation writers paveikslėlis Particularly helpful Moodlers paveikslėlis Plugin developers paveikslėlis Testers paveikslėlis Translators paveikslėlis

IMHO, this is indeed a bug, since default definition of "Authenticated user" leads to a report critical status.

This is due to capacity "tool/dataprivacy:requestdelete" with risk RISK_DATALOSS is allowed by default for this role.

How about fixing this in an analog way of MDL-50613?

Pažymių vidurkis:Useful (5)
Atsakymas į Nicolas Martignoni

Re: Security checks and Default role for all users

Michael Buchanan -
I had this same problem and your solution fixed it though it does seem like a bug since allowing users to request their data be deleted is a reasonable request. I have submitted a bug report at https://tracker.moodle.org/browse/MDL-69025
Pažymių vidurkis: -
Atsakymas į Michael Buchanan

Re: Security checks and Default role for all users

Nicolas Martignoni -
Core developers paveikslėlis Documentation writers paveikslėlis Particularly helpful Moodlers paveikslėlis Plugin developers paveikslėlis Testers paveikslėlis Translators paveikslėlis

Hi Michael,

Could you please check if your created issue is a duplicate of MDL-67852?

In such a case, please close it and contribute to the original one, so that we get a better chance to have this fixed.

Pažymių vidurkis: -