|
|
|
No, no, no, Harleen, stop it.
The objects returned to me are NOT repeat NOT NOT checked off "share with group". They are prefabs that I own that aren't checked off, obviously, nobody does that anymore because "share with group" objects are griefed. I've now had this happen 3 times on 3 different sims, and it is a bug. Accept that and move on to bugs you can understand and stop trying to undermine someone else's legitimate bug report. I have the "Second Life has returned" blah blah reports to prove it. I did not say it was not a bug, I did not say it does not happen to you. I did not say this was not a legimate bug. All I said was I get an error when trying this without Share with Group checked. You did not say whether Share with Group was checked or not in your description, so it is not obvious. I realize Share with Group objects are griefed a lot, especially in open groups, that does not mean it cannot be accidentally set.
Grow up and stop flaming anybody who comments on your issues. I assure you that these 3 prefabs returned were not in share-with-group.
Futhermore, try to use sense and logic here. It's beside the point WHAT their status is. A person without that role in the group to return group-set prims should not be able to return any prims whatsoever. Whether or not they are in "share with group" or not is IMMATERIAL to this bug as it is reported. The fact that some share-with-group objects that are not transferable delete when returned is a separate matter from the problem of being able to return them in the first place! Please stop trolling and stalking my reports and go mind your own business. This is a legitimate bug, it is a known issue from the past, and it is reported accurately. You're merely distracting with an extraneous issue. Stop it. You're the one who needs to grow up and stop pestering any bug I report with extraneous issues just to undermine the report and to show off. It's totally unnecessary, and a dysfunctionality that you should not be inflicting on a system like this. "I assure you that these 3 prefabs returned were not in share-with-group. " I believe you when you say they were not checked.
"Futhermore, try to use sense and logic here. It's beside the point WHAT their status is. A person without that role in the group to return group-set prims should not be able to return any prims whatsoever. Whether or not they are in "share with group" or not is IMMATERIAL to this bug as it is reported." It is most certainly not, as stated in I would not waste my time trolling and stalking your reports, I would have made the same comment on Harleen, you are trolling and engaging in spite and stalking. Stop it.
It is not true that "share with group" DEEDED objects are returnable. In fact, most people have a terribly time even taking them back and have to buy them back. It is immaterial to this bug I am reporting, and is not related to this SEPARATE problem of the ability to return group-set prims when you do not have that right. This is an old problem, Andrew Linden and other old Lindens know about this, ask any Linden, they will tell you. Seriously, you need to stop harassing other people reporting on the JIRA. Who said anything about deeded objects? But they are easily returnable and go back to the previous owner.
I never said this was not a separate issue, if I truly felt it was related I would have linked it as such. It is just not obvious since you failed to mention it in your description, and therefore relevant. Seriously, you need to grow up and stop accusing people of things they are not doing, the JIRA is not the place for it. Oh, I now see what could be at issue after getting more stuff back in lost and found and testing it even more.
The copy of the prefab as a whole, linked up, may not be checked off "share with group". But the group member not enabled for group-set returns may still be able to return it anyway if any component part of it is checked off in "share with group". If you look at the broken pieces of the prefab, you can see perhaps the maker left a "share with group" on a light or something, and that status then infects the whole build, I guess. Sigh. Oh, well, I don't care, there are many worse bugs. Obviously I can't go checking every single build to see if any of its prims at all are accidently in share, although I've had to do this before due to griefing. BTW, deeded versus share-with-group seem to make a difference. Having now read this claim of the Lindens that this is "by design" (? what design? one that isn't implemented yet?!), I wonder what is "up" with this. And I would have to conclude that it's either a severe attack of programmers' symmetry, where they have to have some feature set be symmetrical in some internal way to their coders' eye that is unrelated to reality (no one needs everyone in a group with all their roles to return all group-shared prims) OR there is a drive to return the group tools back to their hippie commune status of Lindenor.
Do you have any objects that solidly repro this you could put in a freebie box? Or steps we could use to repro?
Also, your summary is confusing. Is "share with group" checked for none of the prims, only one, the root or child prim? McCabe, there is no question that this was happening for weeks on end, and it was indeed "solidly repro'd" – that's why I posted this JIRA, after having numerous occasions when rental homes and other objects were returned to me by tenants, and I myself reproduced this with tests with my own alt.
There's nothing "confusing" about my summary; it says quite clearly "if share with group is checked on one of the components". Obviously that means if a prim is in "share with group". Whether it is root or child strikes me as immaterial and not necessary to chase down for the purposes of this problem. Rather than require me to put some object in a freebie box, which would be totally pointless as the group on that freebie area would be different than my group, I would urge you to merely test this yourself with your own group. I'll test it again myself. I have seen this bug come and go over various versions, it was not fixed, and not even acknowledged. But you also said "The objects returned to me are NOT repeat NOT NOT checked off "share with group"." which is where I got confused. Components could mean contents or parts of a link set, depending on how you read it.
Torley has a good guide for formatting a repro into easily understood steps: http://wiki.secondlife.com/wiki/User:Torley_Linden/Bug_reporting I recommend writing a repro in that format and putting it in your description, makes things easier for everybody. Yes, I've just confirmed that this bug, which for some reason the Lindens are trying to now proclaim as a feature, still very much pertains.
1. Set a group object to "share with group" with the role "officer" in the group which has the right to "deed objects to group" under "object management" which obviously includes the function of "share with group" which is the first step in "deed to group". Return objects from the parcel with this role, which has checked off under "parcel content" "return objects owned by group." 2. Log on an alt who has only "tenant" role in the group, a role for which the box is NOT checked off under "parcel content" for "return objects owned by group" and for which the box is NOT checked off for "deed to group". This role should NOT have those powers as they are NOT checked off in the group menu. 3. The alt, with only the limited role without the powers checked off, is nevertheless able to right-click and return the object from the land, and does NOT get the error message that should occur saying that he doesn't have the rights on this simulator. 4. This should NOT be happening because powers in group roles should matter, and if the power is NOT checked off, the avatar should NOT be able to return an object as indicated in the "parcel content" section. Obviously, if there is a box to check off or not, the original design in fact conceived of having this power or not. And it did work for a time. So for it to stop working is a bug, and the failure to acknowledge this baffles me totally. I could add that the additional factor here is that a prefab house made up of 100 prims might have some prim in it that is put in "share with group" which might not be readily visible, and that can enable the avatar to return the whole thing even without the powers. McCabe, you are overcomplexifying this, truly. Go do the test with a group and an alt and see the bug in effect.
I said the item was NOT checked off in share because originally, on a linked object, looking at the object menu, it did not appear to be checked off. It was only by examining the coalesced returned item, that had split into pieces, that eventually I found one piece that was checked off in "share" with then explained the problem. But it truly is immaterial. As even in a single prim, you can see this bug play out. Or in a linked prim. Immaterial. Hi Prokofy, are you still experiencing this problem using the latest version of Second Life?
Indeed I do, Alexa. It never went away, and continues to be a reason for lost, stolen and griefed property. Yesterday, a crazy neighbour just came over and joined my open group, then used "return" to return a house that had rezzed out "share with group" because the creator had left on "share".
I tested it myself again just now. 1. Rezzed two cubes, one with "share with group" and the other "deeded to group Once again: 1. Root prims have nothing to do with anything. Just try it on a simply plywood cube. I confirmed this issue for Prokofy ages ago.
Soft says it's "working as designed", but I think the design is wrong. If things aren't behaving as residents expect, then it's a bug. It's not about "as residents expect". It's about working *as the Lindens who originally designed them made them to work". The group tool checkoff boxes clearly illustrate this.
No Solar, go and test it before making prejudicial redactions. You continue to confuse "group share" as "group owned". Group share is different than group deeded or group owned in actuality. Group set is merely a separate function to prevent prim return.
Members of the group who are not authorized to do so with the existing permissions of the group, as they are implemented in check-off boxes, can access group-set prims and return them, even if not given that role AND they can access "share with group" and return them, AND access group-DEEDED (which you call "group-owned") objects as well. ALL are problems. ALL stem from a bug or flaw that refuses to recognize the RESTRICTIONS available in the control of the object through group roles and their limitations. Obsessing about the object itself, and whether it is is "set", "share" or "deeded" is irrelevant. The issue is that people unauthorized are able to access group prims even if their role in the group doesn't admit them. I do hope the Lindens are not only addressing the narrow issue here of the infection of a build with "share". I do hope they are addressing the problem of the roles not restricting as intended, so that roles not intended for access are gaining the access. I just ran through these test again, because I'm happy to be scientific.
I made three prims, red, blue, yellow myself, then logged on alts to test it: 1. Red had no group set at all. The member of the group who does not have the power to access group-set objects is able to do so when they are in group-share as well. THAT is the problem. The member of the group who does not have the power to access group-DEEDED objects cannot access them (that bug is not present in this version and isn't the subject of this JIRA anyway). So the problem is that shared objects do not respect group role limitations, even though the power is supposed to be limited in a role. I next tried making linked sets of prims, mixing one share-with-group prim into a set of non-shared, so that the final linked object looks as if it isn't in share. and THAT is the problem. You can have a house or chair that looks as if it is not in share, but people return it, without having the power to return group-set prims, like officers, because of the infection. So I'd like to know: is this narrow issue the only one Lindens will deal with? Or will they address the problem of people without the power to return group-SET objects being able to return them when they are also group-SHARED. Prokofy, I share your frustration at this 'design'. Currently there is no way to allow ONLY my "officers" to move group objects. eg. furniture for tenants. Once I share the furniture with the group, Everyone can move it, and worse, return it. This makes the parcel roles quite redundant. I've gone back and undeeded the land back to myself. Then set the furniture to another group, and shared it with another group, that is different to the tenant group. Only drawback now is that my officers can no longer return any objects left behind by old tenants, as the land is no longer deeded to any group at all.
This is expected behavior. I pinged Rx for a clearer tooltip on "Share with group" and they came up with:
"Allow all members of the set group to share and use your permissions for this object. You must Deed to enable role restrictions." Was: No, Soft.
You are closing this proposal prejudiciously, because you don't like my opinion, and you are trying to silence me from another thread, the VWR discussion on mass setting of permissions. So you are trawling around looking for my proposals and trying to shut them down. This is NOT repeat NOT expected behaviour. That's because there is A BOX TO CHECK OFF on the group ROLES that says essentially "give this role access for shared/deeded objects or not". If there wasn't a box giving that option, as was in the original design, as as it originally worked, then you'd have a case. But there is a box, so you don't. Putting in an error message is not a solution. Fixing this bug becomes even more critical now that you are fanning the "mass liberation" feature, as groups will then be even more at the mercy of owners' whims, and conversely owners will not be able to protect themselves from theft of deeded objects by first-level membership in open groups that they have not CHECKED OFF THE BOX to grant ACCESS to deeded/shared objects. Your resolution of this matter flies in the face of the viewer itself, which shows a check-off box. I'll go get a screenshot. Re-opened as explained, as it is a bug, not a feature request, as the design indicates.
Group rolls illustrate that this is a check-off box to deed, copy/control, or sell group-deeded objects. That means if it is accessed by persons who are not checked off for that roll, it is indeed a bug.
There is a difference between "Share with group" and a group-deeded object. The reason for the Rx-suggested text is that it makes this "Deed" difference more clear.
I know that Soft. Except that when it comes to share/deed, the issue for returning group-set objects is the same.
I've just re-tested this again. An alt without the powers to return group-set objects is able to do that to a group-deeded object: You have received a message from Second Life: Go in my group or any group and see for yourself. This is how TVs get destroyed, because some objects not on transfer destroy upon being returned from group land because the server doesn't know which avatar to return the collectivized object, as it is no longer showing individual ownership. That should tell you something - about many things. I'm not going to engage in an open/close war here, however, I will be abuse reporting you for deliberate harassment as it's clear what you're up to here.
Another glaring fact is that Workingonit was assigned to this. If it is "expected behavior" what is he doing on here? um, just fixing an RX-suggested test? Hardly. Only in the opensource culture of Second Life could an object deeded to the group so that anyone in the group can access it be called "not the same as share". And the fact remains that anyone can return what is in fact this group-set object obviously (it couldn't be deeded if it weren't group-set), and that means they can join an open group and destroy things.
It's true that share with group needs to be set in order to deed. Once deeded, that checkbox is cleared. So long as the box isn't checked yet again, the object shouldn't be returnable. I've amended Rx's suggested text to make that clear.
Are you saying that you see a case where a deeded object is returnable without a permissive group role, and without the "Share with group" checkmark being set? As I read this issue summary, the situation was that the checkmark was set. Soft, it is not that the box is "unchecked". It is merely that the object changes to the next stage. You check the box "share with group," and then press DEED and it becomes a deeded object. You don't "uncheck the box".
There is a different way this manifests now on the object than it used to. It used to be that the check stayed appearing in the box in the "deeded" phase. At some point that stopped showing – that's related to this bug. To characterize an object as "no longer in share" because it is now "deeded" strikes me as absolute sophistry. Of course it's in "share" regardless if you see "a check in the box" – you can't deed an object UNLESS it is first put in "share". At no point do you "remove the check" or 'unshare it" when you deed it – you simply press "deed to group" and it becomes a deeded object. A deeded object is a shared object. The problem is then that without having the power to return group-shared objects checked off in the group roles, a power usually only left to owners/officers, a group member is able to return deeded objects – deeded objects which are obviously set to the group, because they don't return from the land, they are deeded to the group, and their group shows as that group. To claim that an item is "no longer shared" because it is deeded seems to wilfully disregard that the group affiliation of the object shows as that group that it was deeded to. It indeed has a group setting! Go and test it inworld. And I fail to see why this is so hard to accept. The group roles foresee a power which is to return or not return group set objects and to manipulate, sell, move deeded objects. Let me repeat again what's at stake here:
"Members of the group who are not authorized to do so with the existing permissions of the group, as they are implemented in check-off boxes, can access group-set prims and return them, even if not given that role AND they can access "share with group" and return them, AND access group-DEEDED (which you call "group-owned") objects as well. ALL are problems. ALL stem from a bug or flaw that refuses to recognize the RESTRICTIONS available in the control of the object through group roles and their limitations. Obsessing about the object itself, and whether it is is "set", "share" or "deeded" is irrelevant. The issue is that people unauthorized are able to access group prims even if their role in the group doesn't admit them, whether in the share or deed status. Here is the repro yet again which I just tested yet again. 1. Rez one prim, check off "set to group" and then click "deed to group" to make a group-deeded object. This is NOT "expected behavior" in either case, as there are existing check-off boxes for group roles that specify the access to objects, as to their returning or their moving, copying, selling if deeded, that should not be accessible unless that member is checked off for those group roles. See also http://jira.secondlife.com/browse/SVC-121
Originally in January 2009 the Lindens revisisted this JIRA VWR 5491 and marked it critical. Not respecting group roles is indeed critical. @Prokofy, are you saying that the deeded object in your step #1 above is returnable by another group member who is not in a permissive role? Be sure to try it and see that the object is successfully returned. When I try this, I select "return" and then I see a message from the server saying that this is not permitted. If an object were set as deeded and could be returned, that would be a valid bug.
If you are able to successfully return the object, listing the time and the region where it happened would be helpful. We can then look at the simulator logs to see why the return was permitted. Be sure however, that you're not doing this with an alt that may have estate manager access. Soft, you have got to be kidding.
This is being done on the Mainland where neither I nor the alt have "estate manager access". Yes indeed the object is returnable by another group member who is not in that permissive role, as I've been saying for more than a year! When I have time later I will go and record all the messages of return from the server that come with this and screenshots of the avatars' roles. Wait a second.
Did you fix the behaviour or did you just put in some "RX Safety Message" about this?! Because the behaviour is indeed the bug. It does indeed happen, avatars without the access to the role permissions for returning group-set objects are able to return them. There's no point to having group powers and access levels to permissions within a group if in fact they are overrided, and we're suddenly informed this is "expected behaviour". Of course it isn't expected behaviour when you someone who is not supposed to be able to return group-set prims can return them! Why is this so hard to accept?! I've added a long transcript of an experiment inworld with a volunteer to test the 3 different types of permissions in the group, showing the ability to return group-set prims when you do not have that power.
The resolution on this should not have been changed. The tooltip has been updated, as described above.
As mentioned in other instances of this issue, this would be neither a VWR- issue nor a bug. SVC-585 or a new SVC- "new feature" issue would be your best venue for trying to affect a change.
We're not smuggling in a fundamental change of the permissions system's design without appropriate vetting just by calling it a bug fix. Soft, this is a bug. It is a malfunctioning of the design. If a resident in a group who does not have permission to return group-set prims is able to return them, that's a bug.
That is not a feature request. It is not a "tool tip" that is needed. It's a bug. Your strange persistence on this really boggles my mind. What does it take? Can you schedule a time to come inworld and see this demonstrated yourself? It's been amply documented 4 times now for you. In fact, what you're doing is smuggling in a tool tip to pretend there isn't a bug in the permission systems. Look at the groups. Do you ever work with groups and group objects, Soft? No design would be changed, as you can see in the screenshot of the group tools menu.
The design would simply begin to function as it is supposed to with a bug fix, which is that someone without the power to remove group-set prims would not be able to do so. The problem with your transcript and your repros is you do not give the specifics of the Share with group flag and the permissions for the cubes. And a standard default permission (no mod/no copy/transfer) deeded object is not returnable without the correct group abilities, thus anyone trying to reproduce your issue is unable to reproduce it.
Shared returnable object:
Deeded non-returnable object:
Deeded non-returnable object:
Deeded returnable object:
Look, you are making this far, far more complicated than it needs to be, and also not fully reporting on the problem which I've tested AGAIN and repro'd AGAIN for the 10th time now:
A) 1. Join the open group Ravenglass Rentals, use my profile to find and join this OPEN group with no invitation. o return group-owned object If for some reason you can't see the role descriptions listed, look at the screenshot above, no. 2 3. Proceed to return a group-shared object which you are not empowered in the group to return. 4. Note that you cannot return group-deeded objects or non-group objects which you are not empowered to do. B) Ask for and get checked off the resident status in Ravenglass Rentals which now gives you access to the following powers (see screenshot): o return non-group prims This status does NOT give you the power to return group-set prims or group-owned prims. These are two different statuses. Look at the check-off boxes of power in the group. 1. Try to return group-set objects – you cannot, you get error messages So there are two bugs, one evident in the power of those without access to return group-set prims, and those with access to that power, to return group-owned prims that they do NOT have access to. Just look at the menu of group permissions. Soft, you are apparently not looking at group roles and seeing the issue here. This is not about tool tips. If anybody "smuggled in any designs," it's, uh, the Lindens that came before you who, in their wisdom, because we discussed during beta, put in two categories of powers, group-set and group-owned, and made two sets of powers to be checked off in the group. Your first error is in your claim that "this is by design".
That is belied by the fact that there is a CHECKOFF BOX and if it is NOT checked then that group member SHOULD NOT HAVE the power to return prims. That should be abundantly obvious. You've also made another error, claiming that you can "uncheck" share with group after you've deeded something. You can't. First you check "share with group." Then you deed. Deeding locks in the object as deeded until you can sell it back to yourself for $0 or sell it to another. It does not enable changing "share" or not. By definition, a group deeded object is in fact shareable in the group as well. But it should NOT be returnable by those NOT accessed to return group-owned objects. Dessie has confirmed to me that all she is doing is putting in a tool tip that explains "share with group" means "share with all members of the group".
But that's not what this bug is about. This is about the group permissions, and the role that does not allow RETURNS of group-shared objects. I've renamed this bug report to take away the sub-issue of "linked prims," which is true, but not the main issue.
The main issue is that people in roles not expected to be able to perform certain actions can in fact perform them. 2. Note that in the roles, you do not have permission to access these powers in the group: o return group-owned object There is no such role ability as "return group-shared objects." Look at your own picture. B) Ask for and get checked off the resident status in Ravenglass Rentals which now gives you access to the following powers (see screenshot): o return non-group prims This status does NOT give you the power to return group-set prims or group-owned prims. These are two different statuses. Look at the check-off boxes of power in the group. 1. Try to return group-set objects - you cannot, you get error messages If group-owned objects are returnable via the non-group permission, that sounds like a bug. The three permissions above sound like they ought to cover three non-intersecting sets of objects. That should be covered in a new JIRA, though. It has nothing to do with "Share with group." I've renamed this bug report to take away the sub-issue of "linked prims," which is true, but not the main issue. The main issue is that people in roles not expected to be able to perform certain actions can in fact perform them. No, you've done more than that. Old Summary: Group Members Not Enabled to Do So Can Return Group-Owned Linked Prims if Any Component is in Share With Group New summary: Group Members Not Enabled to Do in Group Roles Can Return Group-Shared and Group-Owned Objects You've added a completely different bug. You should make a separate, new issue if there's an overlap as described in the previous comment. Returning group-shared objects is not a bug - it's expected behavior. Adding a new, unrelated issue into the same JIRA makes a mess. No, Soft. Returning group-shared prims when you do not have the power to do so IS a bug.
And I did not create a new bug here. I merely changed the title which referred specifically to "with any linked prims in share with group" to just "share with group" that's all. It's not making a mess but removing a distraction.
Attached screenshots of shared and unshared deeded objects. @prokofy - A new JIRA with something like the below would be easy for people to test, and would point to a new, valid bug if peers can reproduce it. Feel free to use this text or something like it if this is what you're attempting to convey. Practicing concise, clear communication helps tremendously in JIRA:
Summary: "Return non-group objects" role permission enables returning group-owned objects There are three role permissions, covering three distinct sets of objects: Enabling the 3rd permission also allows a resi to return group-owned objects. This should only be possible if the 1st permission is enabled. Harleen,
Whether group-shared and deeded, or whether group-deeded and NOT shared, roles without those accesses in the group can still return objects. I just repro'd it again. I don't disagree, waiting for you to create that JIRA as Soft suggested so I can vote to get it fixed.
@Soft Linden I've explained this very clearly and concisely since day one, here and on the other JIRA.
Your summary here is STILL WRONG and you are still NOT GETTING IT Soft. What does it take? I am reopening it, because I have yet again got a witness inworld to see this: Group members without the role to return group-shared and group-deeded prims are able to return them – a bug. Soft, see this demonstrated in world if you must. It is written clearly.
Please confirm with any group with permissions set that you can see, if you refuse to do it with my group, that group members without the power to return GROUP-SHARED objects CAN return them.
This bug affects two types of permissions: o group-shared Harleen, I created the JIRA. It's this one, and has always been this one. What sense is there to create ANOTHER JIRA, when in fact we have TWO declared as duplicates, and still a refusal to believe this?!
Look, Soft, it's very simple. I will go on reporting this bug as I originally reported it because it's a huge problem in group rentals.
It enables theft and destruction of private property and group property both. That's wrong, when there are tools that have options to prevent that, and always were. It means hundreds of real dollars lost in TVs and prefabs especially as they are deeded, or put in share sometimes to be able to texture or move them. So I want to get clarity on this and I need you to look at the facts and see this is not about tool tips or expected behavior. The new JIRA you're suggesting is COMPLETELY IRRELEVANT to the BUGS here. It's something from a different issue COMPLETELY. Harleen,
Please note the following: 1. You are right that it is possible to UNSHARE a deeded object. Few would get to that point. You must FIRST SHARE IT in order to DEED IT. Then you'd have to GO BACK and UNSHARE it, which would still keep it deeded. YOU ARE RIGHT that is the case. But please keep listening. 2. You are right that it is possible to PUT IN SHARE a deeded object, making it a different status object. 3. But what you are not hearing is that PEOPLE NOT GRANTED THE ABILITY IN THE GROUP TO RETURN GROUP SHARED OR GROUP OWNED OBJECTS ARE ABLE TO DO SO. Re: this statement of March 2008: It is not true that "share with group" DEEDED objects are returnable
In fact they are NOW. This bug does come and go. What was true in March 2008, i.e. that these items weren't being returned by those without powers is NO LONGER true. Now they CAN be returned. I just tested this again with witnesses.
It has not been this way for a long time, it is unshared automatically when deeded.
I do hear you and I agree that group-owned objects should not be returnable with non-group object return permission, is there any other way this can be done? Ok let me make this simple:
a) sharing an object with a group enables ANYBODY in the group to move/return it. thats how the software is supposed to work b) deeding an object to a group with NO sharing, limits moving/returning ability to those who have that ability in the roles they have in the group. This is how the software is intended to run, prokofy is refusing to acknowledge this. Not a bug. If you dont share it, it can't be modified by anybody who isn't in the proper role to do so. If you share it, you share it with the whole group. The real problem is that in the object management ability area, the "manipulated group objects" gives people this ability to return. Always has. What I recommend is that this JIRA be modified to recommend splitting this ability into two abilities, one is to manipulate group objects, another is to return them to their original owner. I can confirm this issue.
Being in group with no permissions I can: return shared objects. Being in group with ONLY the permision to return NON GROUP OBJECTS I can return objects that are DEEDED but NOT SHARED with group! This is a nasty bug for land lords. No, Intlibber, you are irrelevant to this problem.
a) sharing or deeding does NOT enable returning because there is a design in the group tools, with a checkoff box, that enables the owner of the group to DECIDE if he wants that role for residents to include that ability to return or not Go and read PARCEL CONTENT role abilities, study their powers, repro the bug in your groups with varying powers and you will see it. Everyone knows that share with group means you can move the object if you are in the group. We get all that. But it should NOT enable returns *if you are not checked off for that power on the parcel content folder of the group abilities". Full stop. It was designed that way. It functioned that way. It stopped functioning that way. It is a bug. Okay... am using Second Life 1.23.1 (119104) May 4 2009 17:53:10 (Second Life Release Candidate), which has the following options for group roles (under Parcel Content):
I temporarily joined Prok's group and none of the above are set (checked). Prok set out several prims, set as follows: 1 prim => is set to group, no group share, no group deed I can return a group shared and group deeded object, even though those capabilities are not set for my membership level. This is a VERY SERIOUS BUG. And all land owners who rely upon group settings to manage their land are vulnerable to this bug, in that anyone who belongs to their group, can return their group shared or deeded items. The result? Tremendous loss of time in that they would then have to rebuild. And, this is not just about griefing. How many times have you been editing and accidentally deleted the wrong item. Well, in this case, a group deeded or group shared item would be returned to owner. Very bad. Very very bad. Please fix this. Thanks! BTW, if the Lindens cannot or will not fix this BUG, which is indeed a BUG, because there is a DESIGN with CHECKOFF boxes, then "tool tips" and "RX warnings" are not a solution.
The only solution would be to physically delete the checkoff box granting the powers as options in PARCEL CONTENT under group ROLES. The presence of this checkoff box with its granulated perms lets us know this is a design, not to enable people to return items unless empowered to do so. It used to work, after the bug was noted, and fixed in beta testing of group tools in 2005. The group permissions bug returned in 2007-2008, is not a feature, and is not expected. So change your design if you must so as not to mislead people into thinking they can provide granulated powers when they really can't, due to a bug, but don't keep banging me over the head claiming "the software is functioning as expected" unless you expect me to remain wilfully blind to a checkoff box that has granulated powers. I can also confirm the issue. Having nothing but the 'Parcel Contents-> Return non-group objects' ability, which means 'Return all objects' is unchecked, I can return anything deeded to the group, shared or not shared. This has the equivalent effect of making deeded objects the same as shared objects, meaning anyone in the group can not only move them, but return them even when such ability is NOT checked in the given group role. Separate ticket or not, this is bad news, which I plan on blogging about, with machinima, and tweeting over the weekend if for no other reason that prevent new landlords from using this clearly broken 'feature'.
Here are my viewer details, although viewer should have nothing to do with this since permissions should be server-side: Second Life 1.23.1 (119104) May 4 2009 17:53:10 (Second Life Release Candidate) Built with MSVC version 1400 You are at 261159.1, 256479.8, 759.3 in Scafell located at sim3013.agni.lindenlab.com (216.82.20.2:13002) CPU: Intel Pentium III/Pentium III Xeon (0.25 micron process) with external L2 cache (3158 MHz) The Linden claiming it is "by design" is not a Linden who designed it, but a Linden who wants to undesign it because they have a different idea about property rights than the original designers. That's wrong.
You can't put a tool tip or notion saying "share with group doesn't respect role limitations" when you have a role limitation "return share with group" or "don't return share with group" Unless of course you are planning on taking that box, with those powers, and those options, under PARCEL CONTENT and lobbotomizing them out of the group tools to pretend there is no bug. "The Linden claiming it is "by design" is not a Linden who designed it, but a Linden who wants to undesign it because they have a different idea about property rights than the original designers. That's wrong."
My personal advocacy of rugged individualism and inalienable personal property rights come into play here? You assume far too much. Keep this about the issue. Not the individuals involved. It's sounding like the problem is indeed https://jira.secondlife.com/browse/VWR-5491#action_111461 13531 accurately troubleshoots the source of the bug to the "manipulate group objects" role ability and not where Prokofy erroneously points in 5491.
Thanks, IntLibber. I moved it to SVC-4259 as it would be a server issue. Prokofy and/or Angela - would you see if that looks like your issue? Trying your repro with and without the manipulate ability would help isolate the problem.
>Trying your repro with and without the manipulate ability would help isolate the problem.
No, that was eliminated long ago. "Manipulate" is not checked off, and yet people not authorized to return shared objects are able to share them. In a separate function, if manipulate is checked off, they can return deeded objects even though they are not authorized to return group owned objects. >My personal advocacy of rugged individualism and inalienable personal property rights come into play here? You assume far too much. Keep this about the issue. Not the individuals involved. If that's so, open up any group you are in, go to group> roles and examine the group abilities, look at the folder PARCEL CONTENT, look at the four kinds of abilities there, represented as check-off boxes: PARCEL CONTENT [ ] Return objects owned by group And now answer this question: If returning objects is not an optional power that the owner grants or does not grant, why are their checkoff boxes, Soft? Nobody ever said these were optional. They have no effect with group-shared objects. They should have effect with any objects not set group-shared. With group-deeded, group-set and non-group objects, the appropriate role ability needs to be set to allow return. If there are specific circumstances where these are not obeyed which have nothing to do with group-shared objects, those ought to be identified and fixed.
Once again, is what you're saying different than https://jira.secondlife.com/browse/VWR-5491#action_111461 If this is not what you are describing, try a set of repro steps. Just say what happened, what you expected to happen, and what happened instead. Don't include group-share commentary, don't create a series of objects and interleave commentary. Keep it clear. Soft,
Abilities in the group are optional - - you check them on or off. One of the abilities is "return objects from parcels". Under Parcel Content, the abilities are divided into: [ ] return objects owned by group Those are options. If they are not checked, i.e. you are not granted those abilities, you should not be able to return objects. Yet you can. It's been documented here several times. 1. Join a group that is open. This is not expected behaviour. Here's what you are not conceding, Soft:
An object that is shared is an object that is set to the group. In order to be shared with a group, obviously, an object has to be set to that group first. Then shared. All shared objects have the status of a set object. Therefore, being able to return objects set to the group when you are not granted that power is NOT an expected behaviour. You are saying that the status "share with group" should override the rules for "set to group". Why? Set to group is set to group. The rules say you cannot return group-set prims unless you are checked off with that power to do so. Why do you think "share" overrides the intentions of the group owner for abilities? Could you describe the use cases where you'd need to return an object set to the group AND the group owner had not authorized your role to be able to return group-set objects? If the owner wanted you to be able to do that, he'd check you off to be able to return group-set objects. You do realize that returning group-set items often destroys builds by delinking them. Things often get lost on the servers when returned from parcels and you never get them back. Deeded items on np-transfer, when returned with this bug against the original designer's rules, are destroyed permanently. So this is a destructive bug, the tools are not functioned as they should be under their original design, and "share with group" is being over-privileged as some kind of exception. "Share with group" was intended to assist group builds, enable people to change textures on prefabs, move objects around. It was not intended to assist in returning them from parcels completely, risking their loss, by people not authorized in the group with the role of making decisions about what to return from parcels. So, as I understand it, you're asking that "Share with group" be changed to grant no return permissions at all. You don't want individual residents to be able to grant a superset of the group role-permitted return policies on their own objects, as you want that to be strictly under the group owners' control.
And your objection to SVC-585 is that you want the same policy used only for returning objects. You still want "Share with group" to permit edit, move, copy, etc under the current rules. It's only the return policy you would want changed per SVC-585. This isn't a judgment or an evaluation of that request. I'm trying to get clarity on this. It's not that I "want" share with group to be "changed" to grant "no permissions at all".
It's that *the group tool permissions work that way by design". They allow choice. I can "want" or "not want" to give someone permission to return things. It's a granular permission. Once they have permission to return group-set prims, they can, when they wish, when they are shared – or even not shared! Ditto group-owned prims (group-deeded prims). Why you would construe these obvious design features with very clean intent and granular permissions as something easily overriden by the "share" action is beyond me. Please answer this question: Could you describe the use cases where you'd need to return an object set to the group AND the group owner had not authorized your role to be able to return group-set objects? Re: "So, as I understand it, you're asking that "Share with group" be changed to grant no return permissions at all. You don't want individual residents to be able to grant a superset of the group role-permitted return policies on their own objects, as you want that to be strictly under the group owners' control.
And your objection to SVC-585 is that you want the same policy used only for returning objects. You still want "Share with group" to permit edit, move, copy, etc under the current rules. It's only the return policy you would want changed per SVC-585." "Share" means "Share". Share means "edit, move". It has never meant "return". No, individual residents should not be able to override the owners' rule for non-returns from his land he owns and pays tier on on objects that either he decides to share and return, or objects that are already in share and he accesses them and then decides to return them. This isn't some sort of "tyranny" of the group owner, because you can make a group owner or owners or officers all of whom have the power to return group-set prims, then they are free to do so. The purpose of this feature, already in the group tools, is to prevent loss or destruction or theft of property. Please outline the use case where you feel that a group member should be able to override the owners' wishes regarding the safeguarding of shared property such as to be able to return anyone's prims in the group on a whim. Shared objects are not only one resident's own object set to the group he decided to share; they are shared objects from anybody in the group. And allowing any one person in the group to override the group owners' wishes regarding group-set object returns defeats the rules set up for group-set objects. A shared object is first and foremost a group-set object. A shared object is meant for sharing, not returning/loss/destruction. Has anyone, except Prok, repro'd this in some group other than Prok's? I've been trying to return group deeded+shared objects and it's not allowing it. Is it an intermittent bug?
@Elanthius - SVC-4259 is how it is done.
Nobody mentioned tyranny. Putting that in quotes is disingenuous.
The use case for allowing object returns with "Share with group" is the same use case for editing and modifying. It allows an unprivileged group member to collaborate with another unprivileged group member. Removing extra prims is part of building. Thinking about this, I can't see wisdom in separating return ability from edit or movement ability. If we removed the ability to return group-sahred objects, the objects could still be returned by moving them above 4096m, moving them below ground, deleting them, setting them temporary, or adding an llDie() script to the prim if it's modifiable. All the change would do would do is remove the pie menu option without removing the ability to accomplish the same thing by many other means. Soft, the "tyranny" is definitely implied by indicating that there is some overbearing will creating permission limitations – when in fact creating permission limitations is merely damage control and good management. And your reading is accentuated by claiming that someone without those permissions is now suddenly "underprivileged".
On his own land in his own group, he can do what he likes. On someone else's land or business, he will face limitations. That's not being "underprivileged" like the poor, that is simply facing restrictoins due to good management. If you want someone to be able to remove stray prims in your group, you can easily privilege them by checking off the box that says "return group-set prims". That's all. There's no reason to put the burden of that on having "share" override all the rules. Second Life is made up of many people who share their owned land with strangers – in commerce, rentals, non-profits, educational contexts that are not based on close-knit groups of people. This is a form of collaboration that may not be the "magic" of open source described on your profile, but it is magical in its own right because it pays the bills. People with group land and group businesses wish for the tools to work as designed in 2005, and not defeat the purpose of business management. Your use case hinges on a notion of Second Life as merely a sandbox, or a place where people do collaborative builds where their collective collaboration on the build is the only concern, and property issues are less of a concern or no concern at all. But the bug is reported due to its adverse effect on another very widespread use case of Second Life which is for group rentals, group businesses such as malls or clubs, etc. In those cases, you do not want an "unprivileged" group member "collaborating" with another "unprivileged" group member to return management prims or another tenants' prims. That causes destruction and loss of property. The putative good of enabling group builds is definitely outweighed by the hundreds of real dollars lost due to property destruction. There is a very different dynamic between a close-knit group of friends working on a collaborative build and people who rent or shop or find entertainment on group land. The former have chosen who they associate with in a group and don't worry about things like deliberate or accidental return of prims and their destruction ,and think of "share" as a "builder's convenience". The latter need to have good management of people to ensure that one person doesn't destroy another person's property. This bug is reported – and it is a bug – because it departs from the definite re-design of the group tools in 2005 which took them away from their exclusively collectivized format, where there was little limitations on group members, and griefing and theft of land and objects were rampant . The changes in 2005 made group tools fit for business and other collaboration that doesn't require an outlook such as one would have in a beta test in a sandbook with likeminded pioneers. This bug is reported because it destroys property. TVs are constantly being returned, accidently or on purpose, and if they are on "no-transfer" they are destroyed. Prefabs and entire builds and infrastructures are constantly being returned, accidently or on purpose, because one prim in "share" means the entire thing because vulnerable to such returns, causing lots of destruction between the build can delink when returned, and be impossible to fix if it wasn't copyable. People who need to build and return other people's "extra prims" who feel they are underprivileged do not need to be in group rentals. They need to be in public sandboxes or at friends' sims who let the underprivileged build. Or they can go on Wikitecture's Island. Group builders are a tiny percentage of SL residents' use. The bug that enables this tiny percentage to flourish cannot be privileged and allowed to defeat rules established in groups for awarding or not awarding the right to return prims. Soft, I've read all this but haven't posted since most of this is over my head and what's needed to be said has been said and I have no side and take no side in this but what I do understand is that if nothing else there is a serious documentation problem here if people think a permissions function does one thing and in reality it does another and that should be clarified. I would create a new JIRA issue to suggest that but I don't understand this enough to do so confidently.
Re: "the objects could still be returned by moving them above 4096m, moving them below ground, deleting them, setting them temporary, or adding an llDie() script to the prim if it's modifiable."
This is thinking like a scripter or even a griefer, and it is not the use case of returns that happens in the overwhelming majority of use cases in SL which have to do with rentals, businesses, clubs, etc. The majority of people in SL do not script or know what ' llDie() script" is or how to get it to act; they don't even know how to put things up in the air at 4096; they also tend not to realize they can even push things in the ground. This is sandbox culture, not the culture of the overwhelming majority of settlers in SL now. In those cases, people do not know enough to cook up something like adding llDie() script , nor do they think to move things below the ground, as most people tend to accept the ground metaphor. The majority of cases of return are accidental, or deliberate in the sense that the person who maliciously returns an object doesn't have the abilities to think up things like putting it above 4096 or llDie() script , but merely has the will to right-click and select "return" when he sees it is possible because of the bug in the tool's design. My apologies for re-opening this issue, however it remains unresolved and is still, indeed a bug. Will clarify in next post.
@gordon - Agreed. The tooltip has been clarified to better represent what "Share with group" permits, and there's a task to expand on the knowledgebase permissions article.
@prokofy - "Tyranny" would be a silly term to use when the group is opt in in the first place. Tyranny necessitates force. And building happens in creating residents' homes and businesses, not just in sandboxes. I don't see anything that deals with the fact that restricting pie menu return ability still leaves five other methods of object return and destruction available for editable and movable objects. This makes it hard to understand why a change would help here. It seems like it would only partially obfuscate the available options, creating a false impression of "Share with group"'s abilities. I decided to create a "GROUP OBJECT TEST" build in order to provide a repeatable pathway for anyone who wishes to try this out for themselves. If you are interested, please feel free to im me inworld and I will give you the test build.
That being said, while I designed the test to check all potential paths, since the lowest common denominator failed, all others will fail as well. The lowest common denominator, in this case is a group member with absolutely no permissions whatsoever, outside of just being "in the group." The results for this case is as follows: Viewers tried: ROLE: everyone NOT SET TO GROUP SET TO GROUP SHARED, DELETE, Are you sure you want to delete this item? SET TO GROUP As you can see from the above, the return has not a thing to do with the manipulate object ability under the object managment section for member roles. For those who wish to recreate it, please contact me inworld, and I will give you the Group Object Test build, that comes with instructions, so that you may test it out for yourself. Unless someone can prove otherwise, as far as I can see, this is still a bug. Again, this has not a thing to do with any role abilities, as none whatsoever were activated for this generic group member. Once again - the current ability to return group-shared objects is expected behavior. Do not reopen this issue based on group-share. If you want to change that behavior, it needs to be a new feature request, and in the SVC- project. It's neither a bug nor a viewer issue.
@ Angela
Take an unshared, deeded object. A member with no abilities cannot return/delete the object. Now give the same member Object Management->Manipulate group-owned objects ability. They can now return/delete the object. This is what SVC-4259 is about. Soft, you are the one implying that restrictions in the group lead to an "underprivileged" state for some residents. But they have opt-in and opt-out too. They can make their own group and go on their own land or a friend's land.
Hi Soft, was reposting the above with a screen shot. So want to address your comment.
The share with group is a problem, as it stands today. For a number of reasons. One being, obvious, the definitive meaning, as you so note. So... let's consider some proposed use cases... Case one: I am managing group land which contains a variety of builds. I wish to rent space to various individuals. Therefore, I have created a group for my renters. In this case, outside of the ability to rez objects, I am not giving my renters access to my builds (i.e., share with group). Therefore, they cannot modify or otherwise change these builds. This one is simple, of course, as my objects can simply remain unset (or, if I am using parcel return, set to group). Case two: Similar case one, however, I do have group members who are part of my team. Therefore, I want them to have modification access to my builds. In this scenario, I would set the object to group, and assign those members to a role that includes modify group objects, under object management. I would also need to deed the object to group for this case to properly work. Nota bene: In this scenario, an individual who has mod access to group deeded objects can return those objects as well. Case three: Similar to case one, however, I do have group members who are acting as rental managers as well. These members must have the ability to return group set objects in my absence. In this scenario, I assign those members to a role that includes "Return objects set to group" under the parcel powers. These members would not be able to mod the renter's objects. However they would be able to return them if the renter say, defaulted on rent payments. Case four: Similar to case one, however, I do have group members who are acting as say, parcel administrators as well. These members must have the ability to return group deeded objects in my absence. In this scenario, I assign those members to a role that includes "Return objects owned by group" under the parcel powers. These members would not be able to mod the group owned objects. However they would be able to return them if say, the group needed more prim space for a group build. Case five: I hired joe content creator to help me with my build. However, I do not want to deed the build to the group. In order to address this case, I decide to set the build to "share with group" and invite him to the respective group. This way, he can modify the objects as necessary. However, by doing this, not only can he modify the shared objects, so can everyone else who is in the group. This leaves me, with a conundrum. How can I resolve this? One possibility is to create a sister "construction" group. However, I have already used up all of my available group slots. One potential solution to this is to remove the "delete" capability from the share with group pathway. Think of this in terms of the OS read, write, execute, delete access to a file. In this proposed scenario, the "delete" capability would only be available to those members whose roles include "return objects set to group." And this scenario would nicely provide the needed granularity for managing group objects. @Harleen, issue SVC-4259 is not at all what this issue is about. Do you not think I tested that issue as well? Of course I did. Please feel free to IM me inworld, and I will give you the test you can try it for yourself. It comes complete with instructions that include creating various test scenarios.
>I don't see anything that deals with the fact that restricting pie menu return ability still leaves five other methods of object return and destruction available for editable and movable objects. This makes it hard to understand why a change would help here. It seems like it would only partially obfuscate the available options, creating a false impression of "Share with group"'s abilities.
You're not responding to the obvious point that for the lion's share of people in SL, putting a script in an object, and giving it a command to make an object die, is not possible because they will never know about it nor seek knowledge about that. That's not "obfuscation". That's just not everyone and his brother being a scripter. Most people aren't. The same can be said for the notion of moving an object to 4096, which requires arcane knowledge of server abilities what 98 percent of the people of SL do not know. You're not responding to the other very real property issues: destruction and loss of property in real-life cash businesses. You're expecting people who do not every look at the knowledge base or look at tool tips to somehow access and use this information. That is not the usage of SL. They don't. They click and chose "return" accidently or on purpose because they can. And there is no reason for them to be able to when the group owner has used a check-off box for group powers not to grant them the right to return group-set prims. The original coders of the group tools put in granulated rights such as "return group-set prims" or "don't return group-set prims" after enormous amounts of input from inworld businesses. And that is how it is supposed to work. People building in rentals are building on their own property as a rule and have no burning need to "share" and join building collectives. This is an obscure use of SL. There should be choice to opt-in to such an obscure use, and there is: the group owner can specify that a resident has the right to return group-set prims. For the majority of uses, the tools should work as indicated without this bug, so as to prevent forcible opt-in to a collectivized experience against someone's will, that destroys private property. That's all. I support all of Angela's use cases which I have employed countless times, and so do hundreds of other group rentals management teams all across the mainland in particular.
You want people to deed TVs, but not return their own or others' TVs because if they do, and the TV is on no-transfer, it will destroy. You also don't want them stealing TVs. You want people to use management's houses, but not return management prims. If a house is in "share" to enable texture change, it shouldn't also be returnable/destroyable/delinkable. And so on. All of these group tools were put in to remove SL from the era of the collective, when everyone was just in sandbox groups and bring it into the era of business, where management could make decisions about restricting roles so as to maintain the integrity of private property and yet open it up to public use. It is the most basic form of collaboration in SL – and the most widespread. Renters in groups do not need to be able to return any management prims or other renters' prims. That isn't making them "underprivileged"; it's just using common sense to prevent destruction of property, that's all. And an individual renter can build on his own land and set prims to that group. The lion's share of renters want their own house, and don't want to be forced into a "wikitecture" group build. Those that want that experience have choice within the group tools to grant all members the right to return group-set prims without having to strip away the choices for those in rentals, forcing them to endure the destructiveness of "share" for the sake of a few collective builders. Oh, I just got a notice on my main account that I am banned for 14 days from contribution to the JIRA because of alleged "editing" wars on this JIRA proposal.
So I won't be taking part in this discussion, forcibly silenced from disagreeing, just the way "share" forcibly makes us collectivize and destroy property despite the rules of civilization that earlier Lindens did in fact put in the group tools to give people more free choices for commerce. @Soft who wrote in part: "Once again - the current ability to return group-shared objects is expected behavior."
My response: Expected behavior on the part of your designers does not equate to correct behavior. Especially when the very code contains provisions for granularity that, by your claim, is really non-existent. Furthermore, an accidental or purposeful delete could cause countless problems in the form of time and money for property managers who believed leaving the "return objects set to group" deselected for their default group members would actually protect their objects when it does no such thing. Otherwise put, at the very least, this is a gross design flaw. Which, in my three decades of enterprise engineering experience, equates to a bug. That you seem unable to understand this admittedly mystifies me.. Obviously, I am of the very strong opinion this issue should remain open. @angela - It may seem like a minor point, but it isn't: Bugs and new features go through very different triage and approval processes. A bug would be an unambiguous flaw in implementation. These can usually be vetted in just a couple minutes - we resolve 15-25 every hour on Mondays at noon.
For something that's a change to existing behavior, and where there's significant contention about how it should work, it needs to be classified as a new feature. New features are examined and designed with the participation of senior Lindens and the resident experience team. These can't be evaluated and implemented by single Lindens operating on their own, as bug issues are. The corpus of comments here would also be a liability - there's not a clear, well-written call to action here. A new issue asking for exactly the behavior you want, and filed as a new feature in the server (not viewer) category would be the surest way to proceed. There would be no harm in citing this issue and similar other issues if you want to highlight the fact that the current design does cause confusion. I hate to break it to everyone that has agreed with Prokofy here but uh ....
The permissions described and the process undergone within the posted text file? The permissions only affect objects actually owned by the group, the only exception to this is an object with a group set to it that is not deeded and is not being shared. Even when I joined in late 2006, "Share with group" has always given the entire group the same permissions as the object owner! Any attempts at reproducing this 'bug' are doomed to be flawed by this fact and by the fact that the current permission system is set up in such a way that the only way to allow the user who set the object out in the first place to return or take back his/her object is to have it behave in this manner! The object owner should not have to have special power granted to him/her after the object is shared, in order to take their object back! This is how the system works and how it has to work until such a time as the Lindens code in a more complex permission system that actually allows an undeeded object that is set to "Share with group" to be taken back or otherwise returned by the object owner. As I specify in my improved JIRA (https://jira.secondlife.com/browse/SVC-4259
) on this, there are really two bugs here:
a) objects set to group and SHARED can be returned by any group member, simply setting them to group won't do it. This is useful for multi-person building projects, particularly where you dont want to trust every other builder with mod rights over all your content in SL. The down side is that this allows a tenant on one parcel to return objects belonging to other tenants on other parcels owned by the same group if the objects are set to share with group (necessary, for instance, to operate scripts in the objects like tvs and security orbs). There are two conflicting needs here so I've proposed a solution in my jira on this. Solution: Thus, landlords and tenants can use ability 2(a) to allow tenants to operate group deeded scripted objects while preventing one tenant from returning another tenants things (tenants should not share their stuff with the group unless it is deeded). Furthermore, there is a third bug in returning group deeded objects in that they are frequently lost by the inventory system and are not returned to the person who deeded them. A comment that I posted on Second Thoughts that got some good reactions so I thought I would post it here too in case it's useful (feel free to let me know if it ought to be in one of the other open JIRAs instead or as well).
I've always found the group tools, and group share / deeding, very confusing, and never really understood the controversy about this bug, but I think maybe I'm starting to get it. Two questions occur to me: First, is there any reason that you have to set "Share with group" before you can do "Deed to group"? They seem to do two entirely different things: "share" means "I want to still be the owner, but I want to give every member of the group total power over it for some reason"; whereas "deed" means "I want the group to become the owner, with the powers of individual group members determined by the group's rules". It doesn't seem sensible, and only increases the confusingness, to require Share before you can Deed; is there a JIRA on fixing that? It wouldn't break any content. And if the Share checkbox goes grey, but is still manipulable, after one Deeds, that's a UI bug at the very least (controls that work should not be grey). Second, is it the case that the heart of the disagreement in the JIRA is what should happen if both Share and Deed are done? Whether the "every individual member can do anything" of Share should override the "group owns it, and group rules apply" of Deed? In all the cases that cause people trouble, is it the case that someone has turned Share on more or less by accident, and if Share was off and the object was just Deeded, without being Shared, it would behave as desired? Or is there a case where for some reason you want to have Share on, but still want to have the group rules apply? Seems like the best solution to this, that wouldn't break any content, would be to break the confusing link between Share and Deed, allow non-Shared objects to be Deeded, and maybe put the Share and Deed controls further apart. Then people would have less reason to check Share by accident, and the explanation of them would be pretty simple: "Share with Group means you trust every individual member of the group implicitly, whereas Deed means that you give the thing to the group and the group rules will apply; it's unlikely that you want to set them both, unless you really know what you're doing." Or have I missed an important point somewhere? (I think it'd also be sensible to be able to mark a parcel as "anything set to group can control the media settings", so that people wouldn't have to deed their TVs and so on in the first place. I wonder if there's a JIRA on that. It would open up a certain class of annoyance attacks, but since all those attacks would do would change your radio station or TV program, might not be a huuuge deal.) @dale - Broadening the group of objects that can control media settings would have a bad privacy effect. If someone can control the media settings, they can point to a server they control and use it to discover the IP address of anyone who has media enabled.
Getting rid of the requirement to share before deeding has come up in comments before, but I'm searching and I can't find where anyone has created a JIRA for the proposal. If you wanted to write that up, it probably would reduce a whole lot of confusion. Thanks, Soft, done: SVC-4276.
(And oh yeah, I always forget about that "IP address stealing" worry. I'm still not entirely convinced it's violating any reasonable user expectation, but I don't have a strong opinion, and will leave that discussion to others.) Is it possible to start an issue to reopen this issue? And also, would someone please lift the ban on prok so that their voice on this issue (and whatever other issues they are interested in) can be heard here on the pJira? Bc, honestly, the only way I can see this issue being truly resolved is to put personal differences aside and come together to brainstorm a viable and robust solution.
Now, back to this issue at hand. I've spent some time doing a bit of research with regard to the history of the group features, and I still hold that this is a bug. Why? Because it was recognized as a bug and corrected several years ago. Unfortunately, there is apparently no historical bug tracking record to support this, and the developers who were involved in that bit are largely missing (i.e., no longer work for the lab). So, all that I have are recollections from people who were there. Hence, my opinion is largely based upon discussions with various individuals who have been around long enough to recall the nightmare around group feature implementation. That being said, while a temporary work-around to manage this problem can be done with real documentation and tool tip warnings, those are only stop gaps to the underlying issue. And though, numerous ideas have been raised, I am thinking a productive approach would be to create a requirements matrix that highlights object permissions as they pertain to both group and edit panel settings, as well as containing definitive information regarding expected behavior. The requirements matrix should also reflect the use cases that are addressed with each setup. This would give people a frame of reference for further discussion, being on the same page, and even potentially proving beyond question that it is indeed a bug (or, for that matter, refuting said contention). The goal here, would be to winnow out specifics, including bug areas to target, potential GUI changes, and documentation areas to clarify. The result would provide useful knowledge base documentation for end users as well. @Harleen wrote: "Anybody can reopen the issue. But there is already a JIRA to fix the group-owned issue, SVC-4259. And the group-shared issue is a duplicate of
My comment: Okay, fine. Reopened. I do however respectfully disagree with your contention that this is related to SVC-4259, Afaics, this is not the same as SVC-4259 as that is specific to modify abilities and return deeded object abilities. SVC-585, otoh, seems to be more on target to this issue. And I'm sure that, if any of us have time to scour this pJira, we can find other threads that are hauntingly similar. Which is yet another reason why I am of the contention that pJira is largely useless. Simply due to the organization, or lack thereof. No matter, I remain of the opinion that we need a requirements matrix to ensure all potential use cases and resulting ramifications are covered. Outside of doing that, at the very least, this and other issues will repeatedly raise their ugly heads.
Again, SVC-4259 is unrelated. Prok (and I, for that matter) have repeatedly stated that this problem relates to the general members role that does not have any ability whatsoever checked. I repeat, NO ABILITY is checked for general members. IntLibber's scenario specifically relates to a role with the manipulate ability checked for deeded objects. And said checking applies to group deeded objects only. Look, I do not know how else to explain this to you. Have tried seven ways from Sunday and even IntLibber seceded and admitted that what SVC-4529 is not at all related to this issue. Or otherwise put, just bc both issues happen to contain the phrase "group-deeded" does not the same issue make.
@Solar wrote in part "Any attempts at reproducing this 'bug' are doomed to be flawed by this fact and by the fact that the current permission system is set up in such a way that the only way to allow the user who set the object out in the first place to return or take back his/her object is to have it behave in this manner!"
My response: Not quite. It is a matter of simply setting the object for sale and checking give original object. And yes, it should take some effort to delete an object once it has been deeded to group. After all, at that point, it no longer belongs to the original owner. Furthermore this issue explicitly revolves around the access control list (ACL) model, which in all other systems include the following rights => read, write, execute, delete. The reason the ACL model has been so long standing is to avoid inadvertent deletion of critical data. In this case, objects are the critical data, and should only be deletable by a) the owner and b) ACL members whose privileges include "delete." Unfortunately, people who think modify should automatically include the ability to delete are sorely misinformed wrt the long standing history behind the original purpose of ACLs. Whether you or anyone else agrees, coders should, at the very least, understand this simple concept, as well as recognize why this is a classifiable bug. Well I disagree, this repro by Prokofy demonstrates both
And on SVC-4259 Intlibber says this:
Also if this issue only relates to members with no abilities, then how are unshared group-owned objects returned? Angela, have you even read the text file associated with this non-issue?
It has been proven that a member not empowered to do so cannot return Group Deeded objects - it has also been proven that the only bug in that is giving them the ability to return non-group objects. Now then ... "Share with Group" is operating within the confines of the system. Kindly go back and read the entire comment you quoted .... and if it is not clear that I was referencing "Share with Group" ... ask for further clarification. I will tell you this however: "Share with Group" does not change the object owner to the Group. Wow, this is confusing!
 I think it would help if we were all very very very careful with the words we're using. I think some people have written "group-set" when they meant "group-deeded" or perhaps "shared with group"; and I expect that phrases like "non-group objects" mean different things to different people (does it mean "not group deeded" or "not set to the group in question" or "not set to any group at all" or...?).
Here's my attempt to summarize the various bugs and issues (from a recent Second Thoughts comment thread): It looks to me like there is one pretty definite bug here: that a linked object with one child prim set to share-with-group acts as though the whole object is share-with-group even though if you look at the object in edit the box doesn't appear checked. (Haven't confirmed this myself, but sounds like it from the JIRA.) And another bug, just mentioned in passing in this JIRA entry, where group-deeded objects entirely cease to exist when they are returned in certain situations (without a warning to the person taking the action that will cause that?); that seems bad, and it should have its own separate JIRA entry. And another possible bug, if people can return objects that are group-deeded, but not group-shared, even though they don't have any group role that should permit that. And a UI bug, if the "Share with group" checkbox is greyed once an object is group-deeded, even though in fact at least some people for whom it is greyed can still check/uncheck it. And a design flaw (imho anyway) that you have to share with group before you can deed to group, even though the two things are really completely different (I've opened SVC-4276 to suggest untangling those). And a difference of opinion about what should happen if an object is both group-deeded and group-shared, where the current design (as pretty clearly stated by Soft) is that group-share takes precedence in that case and anyone in the group can do anything to it. To get the design changed one would have to change the Lab's mind by calm and careful argument. Is that a pretty complete untangling of the bugs at issue? It would probably be helpful if there was a separate JIRA for each possible bug, rather than a single one that talks about them all; they could of course be linked together as related. But having them all talked about in the same JIRA makes it less likely, I think, that any of them will get properly focused on. (I'd be glad to help out anyone attempting to pin down repros for any of the above that don't have them yet.)
This happens when they are no transfer and is mentioned in SVC-111
Afaics, in order for any potential solution to be further investigated, a consensus must be reached with regard to the expected behavior for the "modify object" behavior in the context of group shared/deeded objects.
Before continuing on however I first hold that a non-root prim group settings should never, ever, trump the root prim group settings. At the very least, this is a glaring bug that needs to be immediately addressed. That being said, let's review object group properties and some extant use cases. a) set to group => Original owner retains ownership of object. Members can neither move, modify, copy, delete, or return objects. Use case(s) addressed: 1. Provides a group hook for group based scripted control. 2. Objects remain on group set/owned land that is using auto-return. Issues: None b) shared with group => Original owner retains ownership of object. All group members can move, modify, copy, or delete objects. Use case(s) addressed: 1. Tenants can move and/or modify a dwelling to meet their desired tastes. An example might be to turn a structure so that the renter can see the sunset from their bedroom window. Or, in the case of a merchant, change the layout of a store. 2. Tenants may wish to use their own build, and would therefore want to delete an existing build. 3. Group members may want help with their build while retaining object ownership. Issues: Group members may delete and/or copy objects c) deeded to group => Transfers object ownership to the group. Requires group control for object returns and/or modification. Members who have object modification abilities can move, modify, copy, or delete the object. Members who have object return abilities only can return the object. Use case(s) addressed: 1. The group wishes to delegate object management to specific members thereby sharing duties between multiple people, so they deed the object to group and assign those members to a role that includes modify and/or return. 2. Selected group members need to be able work together on a build, , so they deed the object to group and assign those members to a role that includes modify. 3. Deeding the object to the group allows linking of objects whose parts are created by different members, so they deed the object to group and assign those members to a role that includes modify. Issues: See SVC-4259 With the above in mind, this issue boils down to expected behavior for the "modify object" behavior in the context of group shared/deeded objects. Or more specifically, the question of whether the "modify object" behavior should implicity include deletion. I hold that deletion should be explicitly provisioned via the group management tools by utilizing the roles and abilities matrix. This is especially so, since the roles currently includes "return object" which implies that this ability must be checked for the assigned member to execute this function, while at the same time, allowing objects to be returned via object deletion. The catastrophic deletion scenario is, of course, that the object is simply deleted as opposed to being returned to the original owner. The implication here is clear and should be of concern to anyone who is utilizing group functionality to manage objects. That being said, I would suggest the following possible implementation approach: 1. Remove the implicit deletion ability from the "modify object" behavior for group shared/deeded objects. 2. Add the following ability to Parcel Content (under group roles): a. Return objects shared with group 3. Add the following ability to Object Management (under group roles): a. Delete objects deeded to group b. Delete objects shared with group NB: Individual owner object abilities should remain. Therefore the owner should always be able to delete their own object, even if they share it with group. Obviously, if they deed the object to group, they will need to belong to a role that allows them to delete or return the object. I would vote for your proposal, Angela.
Though unless you are the owner deleting objects shared with group is the same as returning them. So maybe just graying out Delete if you are not the owner of a group-shared object that is not deeded. I dunno if this is just me being thick-headed, but when you say:
1. Remove the implicit deletion ability from the "modify object" behavior for group shared/deeded objects. what do you mean by "group shared/deeded objects"? Do you mean "all objects that are both deeded to the group AND shared with the group", or do you mean "all objects that are deeded to the group, and all objects that are shared with the group"? There are lots of ways that this could be resolved. Personally, I think that "share with group", which was originally a very simple function back before there were group tools, aimed at letting a small group of mutually-trusted builders collaborate closely on a build, is much too broad a brush to be used in large untrusted groups (like rentals), and would require such huge changes to be useful there as not to be worth the trouble. The group tools should be improved so that they are useful to rental groups, using group deeded (but not group shared) objects. The concept of "share with group" should be left as it is, maybe made less obvious in the interface so that people don't use it by accident. Just my two cents. @Harleen wrote in part: "Though unless you are the owner deleting objects shared with group is the same as returning them. So maybe just graying out Delete if you are not the owner of a group-shared object that is not deeded."
An owner, in the case of a shared object, would of course, retain full access rights. As far as implementation goes? A robust solution will involve both server-side and client modifications. For example, the group policy matrix (i.e., roles & abilities) would need to be changed to reflect the additional abilities. This would obviously be a database change. Sever changes would involve enforcing the new policy. And changes to the client would involve checking the policy for group shared or deeded objects against the member's abilities, to, as you so note, gray out the delete in the object pie menu of the UI, as well as popping up the obligatory "you do not have permission to delete object" message for those members who click the delete but are denied object deletion abilities. @Dale writes in part: "what do you mean by "group shared/deeded objects"? Do you mean "all objects that are both deeded to the group AND shared with the group", or do you mean "all objects that are deeded to the group, and all objects that are shared with the group"?" My response: One, Shared with group and deeded to group should be mutually exclusive. Two, please try to disabuse yourself of the notion that group tools are just for rental groups. Such sweeping and mistaken generalizations are the bane of good design principles and practices. That being said, I am mystified why you feel obfuscating this problem by making the share with group feature "less obvious" will help anything at all. The problem is that "share with group" allows all members to delete the object regardless of whatever group abilities they may (or not) have. To compound this, the "modify object" ability allows people who do not have the "return objects" ability, to delete deeded objects. And both of these have to do with the "modify object" behavior. (i.e., modify object = move, change, copy & delete). So, again, if an object is either a) shared with group OR b) deeded to group, deletion of the object should only be allowed for members who belong to roles that allow deletion and/or return of objects. Hence, my suggestion to completely remove the deletion capability from "modify object" behavior for group shared OR group deeded objects and rely upon the roles & abilities matrix to determine a group member's ability to remove and/or delete said objects. @Angela: Sorry if I was unclear; I don't think, and I never implied, that the group tools are only for rental groups; I was just using them as one example of where improvements would be useful to accommodate groups with less trust than those that "Share with Group" was designed for. Other kinds of groups will have other requirements, but it's the same basic principle..
The original use-case for "share with group" was a group of mutually-trusted collaborators. It came before the group tools, and doesn't really get along with them that well presently. It seems like there are two things (at least) that could be done now that there are group tools: The use-case and the function could be left as is, but disentangled from "Deed to group", since as they are now they are quite different (see SVC-4276). This doesn't break any content or any existing uses of the function. In this case it might be good to move the "Share with group" function further away in the UI, or even "obfuscate" it to some extent, since it's really just a legacy function from pre-group-tools days, left in for those who are used to it. Hope that helps with your mystification. The other possibility would be to make "Share with Group" basically just like "Deed to Group" (with all of the group member abilities applying), except that the original owner is still the owner, and has owner powers over it. This would be a large change, and would disrupt some current usage, but it could certainly be done. In either case, I agree with you that when anything ("deed to group" as it is now, and "share with group" as it might or might not be in the future) uses group member privileges to determine what a member can do, it might make sense to have deletion as a separate function from modification, and that idea deserves its own JIRA (SVC-4259?). (It would still be the case that someone with modify powers could stick in a script that does llDie(), etc, but at least that's unlikely to happen by accident. /me nudges the dead horse...
From Andrew Linden's office hour: [11:29] Angela Talamasca: Andrew, have you had any time to look into Full transcript: http://wiki.secondlife.com/wiki/User:Andrew_Linden/Office_Hours/2009_05_26 I'm not sure which bug (of the five or six bugs / features that this JIRA entry eventually came to identify) Andrew had in mind when he said that (and it's not clear to me from the transcript). Do you have a feeling for that, Angela?
Dale, the bug that I am and have been focusing upon is the ACL problem, of which one example is the ability for any group member, regardless of classification, to delete group shared objects.
Very good. If it were me, I would talk about that in the context of SVC-585, which explicitly talks about that particular aspect, rather than in the context of this somewhat wider (and closed) bug. But maybe that's just me.
Note that SVC-585 is couched as a change or feature request rather than a bug, since in Hm, speaking of which: of the various bugs and things that surfaced in the discussion here, is there a specific JIRA on the one where a single shared-with-group prim in a linked object causes the entire object to be effectively shared with the group (even though that box doesn't show up checked in the Edit dialog for the object as a whole)? That seems like a nice straightforward uncontroversial bug that would probably get fixed pretty fast if it were separated from the more heated discussion of the other stuff.
If there is no such specific JIRA entry right now, would someone like to open one? (I could, but I expect others probably have more experience with that specific bug than I do.) @Dale - That bug has been fixed already, currently it will not show as shared with group unless the root prim is one of the shared prims. But that is the only case where you can return the object via the share with group ability. If only child prim are marked share with group then you get a "Removal of the object 'Object' from the simulator is disallowed by the permissions system." error.
Oh, good stuff!
How do you keep track of it all? |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Closed
Major
Group Members Not Enabled to Do So Can Return Group-Owned Linked Prims if Any Component is in Share With Group
SVC-121is by design. Without that option checked I get an error: "Removal of the object 'Object' from the simulator is disallowed by the permissions system."