Problem/Motivation
The "view site reports" permission needs to be only for viewing. Users with this permission shouldn't be able to clear the logs. This is a fairly decent security risk since the the logs are really the only way to watch for malicious users trying to exploit the site, so allowing users to permanently erase the evidence of their attempts is pretty stupid in my humble opinion. The reports are very useful (as is the log), and certain user roles (company employees for instance) should be able to view them but not tamper with them.
Even if this is closed and disregarded, the description of the permission needs to be changed. Unless an administration is paying close attention and personally creates test accounts for each role and goes through testing all the features to make sure only the absolutely necessary functions are exposed, it would be very easy to allow an untrustworthy user to have the ability to erase all the evidence of attempted exploits. Admin users should know before granting the permission that it allows for more than viewing.
I apologize if this is a duplicate report: I searched fairly thoroughly through all open issues for Drupal 7.x and didn't see anything relevant.
Proposed resolution
Change of approach (simplified) - see #81.
Rather than changing existing permissions, add a description to 'View site reports' instead.
Remaining tasks
- Review new permission text.
- Confirm is this is now 8.3.x or 8.4.x
User interface changes
None.
API changes
None.
Data model changes
None.