Forum .LRN Q&A: Re: what is the privilege structure of dotLRN?
I've fixed bug #214:
so that the 'read_private_data' flag is now consistently a per-user flag, not per-user-per-community.
Can you please verify that this is the intended behavior for now?
There's still a bug that users can get to the private data through URL surgery, but I don't see any solution to that other than either a major hack or a major redesign.