From jlwalz at asbury.edu Tue Jan 13 15:07:35 2015 From: jlwalz at asbury.edu (Walz, Jennifer) Date: Tue, 13 Jan 2015 20:07:35 +0000 Subject: [Evergreen-admin] FW: Group and User permissions In-Reply-To: <381ED3DA2BB16A4EB3ED53462B21F2E5229F661B@Heshmon.asbury.edu> References: <381ED3DA2BB16A4EB3ED53462B21F2E5229F47AA@Heshmon.asbury.edu> <381ED3DA2BB16A4EB3ED53462B21F2E5229F661B@Heshmon.asbury.edu> Message-ID: <381ED3DA2BB16A4EB3ED53462B21F2E522A63FF6@Heshmon.asbury.edu> All - See my previous message below that no one replied to. Any thoughts? I also have some follow up questions. For instance. When I assign a user to a "staff" account - does not matter what kind - it looks to me like several blanket types of permissions are automatically granted. Even if no group permission are assigned to that group, when I go to the user permission editor, there are several basic boxes checked. Such as "create_user" and "update_user". However, when I assign a user to a "Patron" account, those permissions are NOT granted automatically. Why is this? What settings controls what default and blanket permissions are given to what types of users in the system? Second, I have no problem with the defaults being assigned, but I would like to know what they are for each group so I can understand what other permissions need to be added. What I really want is I would REALLY like to remove some of them from individuals assigned to that group. So, for instance, I have a staff user that is assigned to a staff category of "volunteer". All good. But then maybe one or two of the users in that volunteer category really should NOT be able to create, view, or update any user accounts. When I go into the user permission editor for those users, I CANNOT REMOVE THAT PERMISSION! I am appalled. Why is this? I get that maybe it is a default setting for that group of users, but in each user editor, shouldn't I be able to remove it if I would like? But nothing I do will let me make this change. Is this a bug? Is this the way it is supposed to work? If not, how do I make it work the way I would like? Some assistance with group and user permissions would be very much appreciated. So far, it has befuddled me endlessly. -------------------------------------------------- Jennifer Walz, MLS - Head of ILS stuff Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlwalz at asbury.edu From: Evergreen-admin [mailto:evergreen-admin-bounces at list.evergreen-ils.org] On Behalf Of Walz, Jennifer Sent: Wednesday, December 03, 2014 4:56 PM To: evergreen-admin at list.evergreen-ils.org Subject: [Evergreen-admin] Group and User permissions All - Ok. I'm new but I am seeing some weird things and I am not sure if this is how the system works, or if there is something I am missing. We are on 2.6.1 in case that matters. So, as I understand it, you can set group permissions and assign a bunch of people to that profile (group) and they all have certain rights to do certain things. I thought that maybe the user permissions were then available in case you might have one user or two in a group to ADD or DELETE certain permissions. Is that not the case? We might like to have maybe student workers all be "circulators" but one or two are given special permissions to work with cataloging or serials or such. Am I understanding this correctly? If we wanted to assign a "circulator" special elevated user permission for updating item records, I should be able to go into their patron record, open the user permission editor and assign them update_item_record (or some such). Right? Well, the problem is that we are trying to do something like that for several different pre-assigned groups and it is not working. For the "volunteer" group for instance. I have assigned several users in our system to that profile, but one or two need modifications. When I go to that patron record, into the user permission editor, everything is greyed out and it won't let me change anything. One or two permissions listed there I would like to remove (like Admin Toolbar! What? For volunteers?) or even change the level at which they have permission. Nope. No dice. And where is that admin toolbar thing set anyway? Who gave volunteers that permission? It is not listed in the group permissions editor. (they can also see and edit the Library Settings!) So, why can I change some user permissions for patrons (I am having no trouble with our "catalogers"), but others are all sort of fuzzed out and won't let me add or delete anything in the user permission editor. I can check a box and click save but nothing happens. Do I have to start all over and just create all new groups first?? (and I AM the admin and logged in as such when trying all of this) Thanks for any insights you have. Jennifer -------------------------------------------------- Jennifer Walz, MLS - Head ILS Monkey Kinlaw Library - Asbury University One Macklem Drive, Wilmore, KY 40390 859-858-3511 ext. 2269 jlwalz at asbury.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: From csharp at georgialibraries.org Tue Jan 13 15:30:39 2015 From: csharp at georgialibraries.org (Chris Sharp) Date: Tue, 13 Jan 2015 15:30:39 -0500 (EST) Subject: [Evergreen-admin] FW: Group and User permissions In-Reply-To: <381ED3DA2BB16A4EB3ED53462B21F2E522A63FF6@Heshmon.asbury.edu> References: <381ED3DA2BB16A4EB3ED53462B21F2E5229F47AA@Heshmon.asbury.edu> <381ED3DA2BB16A4EB3ED53462B21F2E5229F661B@Heshmon.asbury.edu> <381ED3DA2BB16A4EB3ED53462B21F2E522A63FF6@Heshmon.asbury.edu> Message-ID: <630326523.2478925.1421181039033.JavaMail.zimbra@georgialibraries.org> Hi Jennifer, > So, as I understand it, you can set group permissions and assign a bunch of > people to that profile (group) and they all have certain rights to do > certain things. Correct. > I thought that maybe the user permissions were then > available in case you might have one user or two in a group to ADD or DELETE > certain permissions. Is that not the case? We might like to have maybe > student workers all be ?circulators? but one or two are given special > permissions to work with cataloging or serials or such. Am I understanding > this correctly? If we wanted to assign a ?circulator? special elevated user > permission for updating item records, I should be able to go into their > patron record, open the user permission editor and assign them > update_item_record (or some such). Right? Yes. But I'll caution you that you might want to go ahead and designate permission groups that you think you'll need later. For example, if you see that a group of "circulators" would always need the extra permissions, it makes more sense to just create a new permission profile and assign *that* to those users rather than assigning permissions singly, which is hard to track and inefficient. > Well, the problem is that we are trying to do something like that for several > different pre-assigned groups and it is not working. For the ?volunteer? > group for instance. I have assigned several users in our system to that > profile, but one or two need modifications. When I go to that patron record, > into the user permission editor, everything is greyed out and it won?t let > me change anything. One or two permissions listed there I would like to > remove (like Admin Toolbar! What? For volunteers?) or even change the level > at which they have permission. Nope. No dice. You need to have the group application permission to be able to edit specific groups. To do this, go to Admin -> Server Administration -> Permission Groups, select the group you want, then make sure the "Editing Permission" is set. Note that you can create a new permission for this if you need to in Admin -> Server Administration -> Permissions (you'd need to reload the perm groups interface to see the change). Then just make sure the user who is doing the editing has been assigned the "Editing Permission" for that group. This is best done in the Permission Groups setup, for what it's worth. > And where is that admin > toolbar thing set anyway? Who gave volunteers that permission? It is not > listed in the group permissions editor. (they can also see and edit the > Library Settings!) > Second, I have no problem with the defaults being assigned, but I would like > to know what they are for each group so I can understand what other > permissions need to be added. What I really want is I would REALLY like to > remove some of them from individuals assigned to that group. So, for > instance, I have a staff user that is assigned to a staff category of > ?volunteer?. All good. But then maybe one or two of the users in that > volunteer category really should NOT be able to create, view, or update any > user accounts. When I go into the user permission editor for those users, I > CANNOT REMOVE THAT PERMISSION! I am appalled. Why is this? I get that maybe > it is a default setting for that group of users, but in each user editor, > shouldn?t I be able to remove it if I would like? But nothing I do will let > me make this change. Is this a bug? Is this the way it is supposed to work? > If not, how do I make it work the way I would like? Permissions are inherited from higher up the tree, so that permission may be assigned at the "Circulator" or even the "Staff" or "Users" level. You can remove it from the higher level of the hierarchy and re-assign it to specific child groups (e.g. "Circ 1", "Circ 2" or whatever). That also means that permissions cannot be removed singly from the User Permission Editor. You'd need to remove the perm from the permission group, then assign the desired permission at the desired level to specific users who need it. One more thing to know is that if you do assign permissions to single users via the User Permission Editor, that setting will override anything set for that permission in the Permission Groups setup.\ > So, why can I change some user permissions for patrons (I am having no > trouble with our ?catalogers?), but others are all sort of fuzzed out and > won?t let me add or delete anything in the user permission editor. I can > check a box and click save but nothing happens. Do I have to start all over > and just create all new groups first?? (and I AM the admin and logged in as > such when trying all of this) I would actually take that approach. I know it probably sounds like a burden to re-do everything, but you'd probably only ever have to do it once and then occasionally tweak them at need. Once the permission groups match your actual setup, you probably won't have to think about permissions anymore (speaking from experience here). > For instance. When I assign a user to a ?staff? account ? does not matter > what kind ? it looks to me like several blanket types of permissions are > automatically granted. Even if no group permission are assigned to that > group, when I go to the user permission editor, there are several basic > boxes checked. Such as ?create_user? and ?update_user?. However, when I > assign a user to a ?Patron? account, those permissions are NOT granted > automatically. Why is this? What settings controls what default and blanket > permissions are given to what types of users in the system? See my comments about inheritance above. Hope that's helpful. Please reply back if you need more help! Chris -- Chris Sharp PINES System Administrator Georgia Public Library Service 1800 Century Place, Suite 150 Atlanta, Georgia 30345 (404) 235-7147 csharp at georgialibraries.org http://pines.georgialibraries.org/ From csharp at georgialibraries.org Wed Jan 21 09:38:51 2015 From: csharp at georgialibraries.org (Chris Sharp) Date: Wed, 21 Jan 2015 09:38:51 -0500 (EST) Subject: [Evergreen-admin] Deactivating this list - please subscribe to Open-ILS-Dev for technical assistance In-Reply-To: <1013354727.2646181.1421850697449.JavaMail.zimbra@georgialibraries.org> Message-ID: <801324177.2646611.1421851131620.JavaMail.zimbra@georgialibraries.org> Hello all, There was a discussion last week about the state of this list (see http://libmail.georgialibraries.org/pipermail/open-ils-general/2015-January/011015.html and following), and there was a general consensus to deactivate Evergreen-Admin and redirect Evergreen technical questions to the Open-ILS-Dev list. I invite you to subscribe to that list if you haven't already: http://list.georgialibraries.org/mailman/listinfo/open-ils-dev. Note that your system administration questions are welcomed in any Evergreen email list, the IRC channel or other communications venue (see http://evergreen-ils.org/communicate/ for options). Thanks! Chris Evergreen-ILS Email List Admin -- Chris Sharp PINES System Administrator Georgia Public Library Service 1800 Century Place, Suite 150 Atlanta, Georgia 30345 (404) 235-7147 csharp at georgialibraries.org http://pines.georgialibraries.org/