Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69025

Authenticated User permission "tool/dataprivacy:requestdelete" results in critical warning

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 3.8 regressions
    • Fix Version/s: None
    • Component/s: User management
    • Labels:
      None

      Description

      I have just installed Moodle 3.8.3 and when I looked at the security report, the Default role for all users has a critical error -  The default user role "Authenticated user" is incorrectly defined!

      I followed the posted solution to reset the authenticated user role to its default permissions but that dis not solve the problem.  I then saw this post - https://moodle.org/mod/forum/discuss.php?d=403379#p1628062 which suggested the problem is that the permission -  tool/dataprivacy:requestdelete" with risk RISK_DATALOSS is allowed by default for this role.  When I changed the setting on this role to Prevent, the critical error went away.  But it does seem like you would want users to be able to request delete, which is why this seems like a bug.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              elmonemo21 Michael Buchanan
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: