Security checks and Default role for all users

Security checks and Default role for all users

av Séverin TERRIER -
Antall svar: 3
Bilde av Documentation writers Bilde av Particularly helpful Moodlers Bilde av Testers Bilde av Translators

Hi,

From "Site administration > Reports > Security checks", i see a "critical" warning for "Default role for all users" with detail of "The default user role "Authenticated user" is incorrectly defined!".

But when i check, it's well the good role that is defined! And i've tried to reset it (and other default roles) to default permissions with no positive change trist

I can see this problem on my main Moodle plateform (3.7.6), on another one (3.8.2), and even on Moodle 3.9 QA, and other people see the same thing.

So i think it's a bug in this check! I've seen MDL-50613 (closed), which means this should not indicate "critical" warning.

What do others think?

Séverin

PS : for french reading people, you can look at this french discussion about this problem.

Gjennomsnittlig vurdering: -
Som svar til Séverin TERRIER

Re: Security checks and Default role for all users

av Nicolas Martignoni -
Bilde av Core developers Bilde av Documentation writers Bilde av Particularly helpful Moodlers Bilde av Plugin developers Bilde av Testers Bilde av Translators

IMHO, this is indeed a bug, since default definition of "Authenticated user" leads to a report critical status.

This is due to capacity "tool/dataprivacy:requestdelete" with risk RISK_DATALOSS is allowed by default for this role.

How about fixing this in an analog way of MDL-50613?

Gjennomsnittlig vurdering:Useful (5)
Som svar til Nicolas Martignoni

Re: Security checks and Default role for all users

av Michael Buchanan -
I had this same problem and your solution fixed it though it does seem like a bug since allowing users to request their data be deleted is a reasonable request. I have submitted a bug report at https://tracker.moodle.org/browse/MDL-69025
Gjennomsnittlig vurdering: -
Som svar til Michael Buchanan

Re: Security checks and Default role for all users

av Nicolas Martignoni -
Bilde av Core developers Bilde av Documentation writers Bilde av Particularly helpful Moodlers Bilde av Plugin developers Bilde av Testers Bilde av Translators

Hi Michael,

Could you please check if your created issue is a duplicate of MDL-67852?

In such a case, please close it and contribute to the original one, so that we get a better chance to have this fixed.

Gjennomsnittlig vurdering: -