Security checks and Default role for all users

Re: Security checks and Default role for all users

by Nicolas Martignoni -
Number of replies: 2
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

IMHO, this is indeed a bug, since default definition of "Authenticated user" leads to a report critical status.

This is due to capacity "tool/dataprivacy:requestdelete" with risk RISK_DATALOSS is allowed by default for this role.

How about fixing this in an analog way of MDL-50613?

Average of ratings: Useful (4)
In reply to Nicolas Martignoni

Re: Security checks and Default role for all users

by Michael Buchanan -
I had this same problem and your solution fixed it though it does seem like a bug since allowing users to request their data be deleted is a reasonable request. I have submitted a bug report at https://tracker.moodle.org/browse/MDL-69025
Average of ratings: -
In reply to Michael Buchanan

Re: Security checks and Default role for all users

by Nicolas Martignoni -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Michael,

Could you please check if your created issue is a duplicate of MDL-67852?

In such a case, please close it and contribute to the original one, so that we get a better chance to have this fixed.

Average of ratings: -