User Tools

Site Tools


admin:users

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
admin:users [2019/03/27 17:47]
tmccanna
admin:users [2019/03/29 13:14] (current)
tmccanna ↷ Links adapted because of a move operation
Line 10: Line 10:
   * [[circ:​accounts:​types#​staff_permission_groups|Types of Staff Permission Groups]]   * [[circ:​accounts:​types#​staff_permission_groups|Types of Staff Permission Groups]]
   * [[circ:​accounts:​staff|Policies Regarding Staff Accounts]]   * [[circ:​accounts:​staff|Policies Regarding Staff Accounts]]
 +  * [[circ:​accounts:​permissions|Permissions Spreadsheet]]
  
 <​note>​It is important to remind library staff members that their personal library cards and their staff <​note>​It is important to remind library staff members that their personal library cards and their staff
Line 15: Line 16:
 password via the OPAC and are then unable to login to the staff client, for instance.</​note>​ password via the OPAC and are then unable to login to the staff client, for instance.</​note>​
  
 +===== Hierarchical Permission Structure =====
  
 +Evergreen employs a hierarchical permissions structure in which "​child"​ groups inherit permissions
 +settings from "​parent"​ groups. The basic group is "​User",​ which contains all Evergreen users. Above
 +the "​User"​ level are subcategories,​ including "​Staff,"​ which contains a set of permissions that is
 +inherited by all "​Staff"​ group members. "​Staff"​ is subdivided into "​Administrator,"​ "​Cataloger,"​
 +and "​Circulator,"​ and each of these levels may also contain permissions that are inherited by their
 +subgroup members. In the case of the "​Administrator"​ group, a base set of administrative permissions
 +is granted to the "​GlobalAdmin,"​ "​LocalAdmin,"​ and "​Library Manager"​ permissions groups, which
 +are then assigned to individual users. See the diagram below for a visual representation of this
 +structure.
 +
 +[{{ :​admin:​pasted:​20190328-160339.png?​direct&​400 |}}]
 +
 +Assigning a permissions group to a user grants them all of the permissions in the tree. This means that
 +a LibraryManager assignment equates to granting all permissions in User + Staff + Administrator +
 +LibraryManager,​ inclusive.
 +
 +===== Permissions Scopes =====
 +
 +Evergreen permissions are "​scoped,"​ meaning that "​boundaries"​ are set to limit staff actions to a single
 +system or branch. In PINES, there are three scopes: 1. Consortium: the permission applies to the staff
 +member at any location in PINES. 2. System: the permission applies to any location within the library
 +PINES Local System system at which the staff member works 3. Branch: the permission applies to the individual library at which the staff member works.
 +
 +===== Adding Custom Permissions =====
 +
 +Staff users are assigned a set of permissions and for the Administrator class of users, some of those
 +permissions are grantable. A grantable permission is one that an administrative user can grant
 +individually to a single user. This is done in the Administration > User Permission Editor interface by
 +entering the user's library card barcode and adding checkboxes beside the appropriate permissions. ​
 +
 +<note warning>​Though LocalAdmins have the ability to grant permissions,​ PINES/GPLS staff recommends
 +caution when doing so, as customized permissions may cause problems down the line. For
 +example, if a staff member changes employment positions at a library, her/his permissions
 +profile group may change, but any custom permissions will continue to be assigned unless
 +manually removed by the LocalAdmin. It would be beneficial to keep a record of such
 +individualized changes.</​note>​
 +
 +Locally-assigned permissions override permissions assigned "​higher up" in the hierarchy. For
 +example, if the Circ2 profile has VIEW_USER assigned at the Consortium scope, and you
 +assign that same permission to a specific Circ2 at the Branch scope, that staff member will be
 +limited to viewing/​accessing user accounts at her/his branch.
 +
 +Permissions assigned at the permissions profile group level are not able to be removed on a per user
 +basis. LocalAdmins must assign a profile with fewer permissions to decrease the permissions level of
 +a user.
 +
 +===== Context Matters: Working Location and Workstation =====
 +
 +**Working Location**
 +
 +Evergreen permissions rely on the user's "​working location"​ which is set under Administration > User Permissions Editor (or, from the staff person'​s account page under Other > User Permissions Editor).
 +
 +For staff such as LocalAdmins or Cat1s, who may need to administer or perform work at more than one location, each relevant location must be selected.
 +
 +**Workstation**
 +
 +The other context Evergreen uses is the workstation location. See [[admin:​workstations:​registration|Workstation Documentation]] for more information.
  
admin/users.1553723238.txt.gz · Last modified: 2019/03/27 17:47 by tmccanna