[#SVC-4259] Group Role Ability > Object Management > Manipulate Group Objects Enables anyone enabled to return group objects.

2. Second Life Service - SVC

Group Role Ability > Object Management > Manipulate Group Objects Enables anyone enabled to return group objects.

Created: 15/May/09 12:59 PM Updated: 25/May/09 02:51 AM

Return to search

Component/s:

Groups, Permissions

Affects Version/s:

None

Fix Version/s:

None

Environment:

all

Issue Links:

Relates

This issue Relates to:

~~VWR-5491~~ Group Members Not Enabled to Do So Can Return Group-Owned Linked Prims if Any Component is in Share With Group

Description

« Hide

When any role in a group has the ability to "manipulate group objects", this also gives those with the role the ability to return group deeded objects, which is not described in the role ability.

This has existed for a long time and is often exploited by disgruntled group members to trash other peoples property, and cause financial loss due to bugs in returning group deeded objects properly.

This ability should be divided into two abilities:
a) to operate the scripts and modify the prim parameters, position, etc of group deeded objects.
b) to return or delete group deeded objects

LL might also consider separating (a) into two abilities so that renters can operate group deeded scripts (like televisions, etc) but not modify the objects otherwise.

ALSO: Objects owned by an individual but shared with the group can be returned by anybody in the group even if they have no abilities. This may be necessary for group building projects, but may also cause other issues. For instance, with rental groups, one renter in one parcel could return all the property of another renter in another parcel. This is a serious problem.

All

Comments

Change History

Sort Order:

[ Permlink | « Hide ]

IntLibber Brautigan added a comment - 15/May/09 01:00 PM

5491 does not properly troubleshoot the source of the problem, but this one does.

IntLibber Brautigan made changes - 15/May/09 01:00 PM

Field	Original Value	New Value
Link		This issue Relates to ~~VWR-5491~~ [ ~~VWR-5491~~ ]

Soft Linden made changes - 15/May/09 01:07 PM

Project	1. Second Life Viewer - VWR [ 10003 ]	2. Second Life Service - SVC [ 10002 ]
Key	VWR-13531	SVC-4259
Component/s		Groups [ 10222 ]
Component/s		Permissions [ 10221 ]
Component/s	Building (in-world) [ 10019 ]
Component/s	Permissions [ 10028 ]
Component/s	Land [ 10034 ]
Component/s	Groups [ 10223 ]

IntLibber Brautigan made changes - 15/May/09 02:56 PM

Description

When any role in a group has the ability to "manipulate group objects", this also gives those with the role the ability to return group deeded objects, which is not described in the role ability.

This has existed for a long time and is often exploited by disgruntled group members to trash other peoples property, and cause financial loss due to bugs in returning group deeded objects properly.

This ability should be divided into two abilities:
a) to operate the scripts and modify the prim parameters, position, etc of group deeded objects.
b) to return or delete group deeded objects

LL might also consider separating (a) into two abilities so that renters can operate group deeded scripts (like televisions, etc) but not modify the objects otherwise.

ALSO: Objects owned by an individual but shared with the group can be returned by anybody in the group even if they have no abilities. This may be necessary for group building projects, but may also cause other issues. For instance, with rental groups, one renter in one parcel could return all the property of another renter in another parcel. This is a serious problem.

[ Permlink | « Hide ]

Soft Linden added a comment - 19/May/09 10:18 PM

I'm going to nudge the priority down from major. Late thinking is much the same as ~~VWR-5401~~.

If one can edit objects, there are many ways one can force a return. They can be moved above the build ceiling, moved below the ground, moved to an adjacent parcel with a return time, deleted, and killed with an llDie script. As a result, removing the return option wouldn't offer new protection.

I'll ping a couple folks who have been around longer than I have, but this one may actually be by design as well. If so, it's worth explicitly spelling it out in the interface and documentation.

Soft Linden made changes - 19/May/09 10:18 PM

Priority

Major [ 3 ]

Normal [ 4 ]

[ Permlink | « Hide ]

IntLibber Brautigan added a comment - 25/May/09 02:49 AM - edited

I agree that the sharing issue is something unavoidable, unless we totally castrate the ability of people to build content as a group. Since this obviously goes against the content creation goals of SL, the problems with rental businesses needs to be addressed in another manner. The simple fact is that objects that are deeded to the group should have separate usage rights: operating scripts, modding prims, returning deleting objects are all abilities that should be at different levels of authorization. You dont want any group member to be able to return or delete group objects. It is simply insane to think this is a good idea to allow it, but those individuals do need to be able to be giving the ability to operate scripts, reset them, etc.

Continuing to allow these sorts of exploits is legally a lack of due diligence by LL wrt the assets of competitors. If the manipulate group objects bug is by design then the design is flawed and needs to be fixed.

Rather than downgrading the issue I would suggest rather to try to devise a plan to satisfy the needs of all sides here.