Frances wrote:
But in fact, members can edit the database tables unless each database is further locked down.
Using my member-only email, I can edit table properties, add rows, edit rows and more.
If I edit permissions on the individual table (table properties) so that the only thing a member can do is view the table, it does stop editing except by moderators and table owner.
Thanks for looking into this Frances. Great work. Using a test membership in the group I own (a test membership with member-only status) I found the same. I could edit the table -- change the name, edit the description -- and edit/add rows.
Then using my owner's account I went to the page for the Database selected and opened the Edit Table Properties box at the top left of the page.? I discovered the "Edit Table," "Add Rows" and "Edit Rows" were all set to "Members."? (Remember, in "Settings," the Database is set to "Members can view, moderators can create tables.") I then changed the settings to the most restrictive: I changed the "Edit Table" and "Add Rows" to "Moderator and Table Owner,"? I set "Edit Rows" to "Moderator, Table Owner and the Row Owner." After saving the "update" I revisited with my member-only account. Then there was only one option and that was to export the table in JSON format or CSV format.
I agree, IF this is the way it is supposed to work then the Owner's Manual needs to be revised accordingly.
tommy0421
Tommy Meehan