Security checks and Default role for all users

Security checks and Default role for all users

Séverin TERRIER tomonidan -
Number of replies: 3
Documentation writers rasmi Particularly helpful Moodlers rasmi Testers rasmi Translators rasmi

Hi,

From "Site administration > Reports > Security checks", i see a "critical" warning for "Default role for all users" with detail of "The default user role "Authenticated user" is incorrectly defined!".

But when i check, it's well the good role that is defined! And i've tried to reset it (and other default roles) to default permissions with no positive change G'amgin

I can see this problem on my main Moodle plateform (3.7.6), on another one (3.8.2), and even on Moodle 3.9 QA, and other people see the same thing.

So i think it's a bug in this check! I've seen MDL-50613 (closed), which means this should not indicate "critical" warning.

What do others think?

Séverin

PS : for french reading people, you can look at this french discussion about this problem.

O'rtacha reytinglar: -
In reply to Séverin TERRIER

Re: Security checks and Default role for all users

Nicolas Martignoni tomonidan -
Core developers rasmi Documentation writers rasmi Particularly helpful Moodlers rasmi Plugin developers rasmi Testers rasmi Translators rasmi

IMHO, this is indeed a bug, since default definition of "Authenticated user" leads to a report critical status.

This is due to capacity "tool/dataprivacy:requestdelete" with risk RISK_DATALOSS is allowed by default for this role.

How about fixing this in an analog way of MDL-50613?

O'rtacha reytinglar:Useful (5)
In reply to Nicolas Martignoni

Re: Security checks and Default role for all users

Michael Buchanan tomonidan -
I had this same problem and your solution fixed it though it does seem like a bug since allowing users to request their data be deleted is a reasonable request. I have submitted a bug report at https://tracker.moodle.org/browse/MDL-69025
O'rtacha reytinglar: -
In reply to Michael Buchanan

Re: Security checks and Default role for all users

Nicolas Martignoni tomonidan -
Core developers rasmi Documentation writers rasmi Particularly helpful Moodlers rasmi Plugin developers rasmi Testers rasmi Translators rasmi

Hi Michael,

Could you please check if your created issue is a duplicate of MDL-67852?

In such a case, please close it and contribute to the original one, so that we get a better chance to have this fixed.

O'rtacha reytinglar: -