User Tools

Site Tools


admin:users

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
admin:users [2019/03/28 17:04]
tmccanna
admin:users [2019/03/29 13:14] (current)
tmccanna ↷ Links adapted because of a move operation
Line 10: Line 10:
   * [[circ:​accounts:​types#​staff_permission_groups|Types of Staff Permission Groups]]   * [[circ:​accounts:​types#​staff_permission_groups|Types of Staff Permission Groups]]
   * [[circ:​accounts:​staff|Policies Regarding Staff Accounts]]   * [[circ:​accounts:​staff|Policies Regarding Staff Accounts]]
 +  * [[circ:​accounts:​permissions|Permissions Spreadsheet]]
  
 <​note>​It is important to remind library staff members that their personal library cards and their staff <​note>​It is important to remind library staff members that their personal library cards and their staff
Line 28: Line 29:
  
 [{{ :​admin:​pasted:​20190328-160339.png?​direct&​400 |}}] [{{ :​admin:​pasted:​20190328-160339.png?​direct&​400 |}}]
 +
 +Assigning a permissions group to a user grants them all of the permissions in the tree. This means that
 +a LibraryManager assignment equates to granting all permissions in User + Staff + Administrator +
 +LibraryManager,​ inclusive.
 +
 +===== Permissions Scopes =====
 +
 +Evergreen permissions are "​scoped,"​ meaning that "​boundaries"​ are set to limit staff actions to a single
 +system or branch. In PINES, there are three scopes: 1. Consortium: the permission applies to the staff
 +member at any location in PINES. 2. System: the permission applies to any location within the library
 +PINES Local System system at which the staff member works 3. Branch: the permission applies to the individual library at which the staff member works.
 +
 +===== Adding Custom Permissions =====
 +
 +Staff users are assigned a set of permissions and for the Administrator class of users, some of those
 +permissions are grantable. A grantable permission is one that an administrative user can grant
 +individually to a single user. This is done in the Administration > User Permission Editor interface by
 +entering the user's library card barcode and adding checkboxes beside the appropriate permissions. ​
 +
 +<note warning>​Though LocalAdmins have the ability to grant permissions,​ PINES/GPLS staff recommends
 +caution when doing so, as customized permissions may cause problems down the line. For
 +example, if a staff member changes employment positions at a library, her/his permissions
 +profile group may change, but any custom permissions will continue to be assigned unless
 +manually removed by the LocalAdmin. It would be beneficial to keep a record of such
 +individualized changes.</​note>​
 +
 +Locally-assigned permissions override permissions assigned "​higher up" in the hierarchy. For
 +example, if the Circ2 profile has VIEW_USER assigned at the Consortium scope, and you
 +assign that same permission to a specific Circ2 at the Branch scope, that staff member will be
 +limited to viewing/​accessing user accounts at her/his branch.
 +
 +Permissions assigned at the permissions profile group level are not able to be removed on a per user
 +basis. LocalAdmins must assign a profile with fewer permissions to decrease the permissions level of
 +a user.
 +
 +===== Context Matters: Working Location and Workstation =====
 +
 +**Working Location**
 +
 +Evergreen permissions rely on the user's "​working location"​ which is set under Administration > User Permissions Editor (or, from the staff person'​s account page under Other > User Permissions Editor).
 +
 +For staff such as LocalAdmins or Cat1s, who may need to administer or perform work at more than one location, each relevant location must be selected.
 +
 +**Workstation**
 +
 +The other context Evergreen uses is the workstation location. See [[admin:​workstations:​registration|Workstation Documentation]] for more information.
  
admin/users.1553807083.txt.gz · Last modified: 2019/03/28 17:04 by tmccanna