User Access WizardUser Access WizardUser Access policies are central to the security of the SirsiDynix Symphony system. The User Access policy associated with a user record determines which utilities, commands, and wizards in SirsiDynix Symphony and which folders, tabs, buttons, and reports in StaffWeb are available to that user. A User Access policy can reference different sets of wizards or folders or one set of wizards or folders; then the various User Access policies can be assigned to users based on their need to access WorkFlows wizards and StaffWeb folders.
From the List Policies window, you can create, display, modify, copy, or remove the User Access policies. Click Close to exit the wizard.
To modify the Access List for an existing User Access policy, click the Access List Tab. To modify the Access List for StaffWeb for an existing User Access policy, click the Access List for StaffWeb Tab. To create an Access List or an Access List for StaffWeb for a new User Access policy, you must first save the policy, then click the Access List tab or the Access List for StaffWeb tab.
Attributes
If you select a User Access policy and click one of the operation buttons, the following tabs display.
| • | Basic |
| • | Access List Tab |
| • | Access List for StaffWeb Tab |
| • | ERMS Tab |
The Basic tab displays the following attributes.
| • | Name |
| • | Description |
| • | User Level |
| • | Accountability Operator |
| • | Access Type |
| • | Simultaneous Users |
| • | Request List |
| • | Command List |
| • | Report Group List |
| • | Properties |
| • | Show Customized Policy List |
| • | Toolbar List |
| • | Password Expiration |
This attribute uniquely identifies a user’s access. This name is ten characters or less, and may not include spaces or punctuation, except for dash (-), underscore (_), and dollar sign ($). Additionally, the pipe character (|) may not be used.
This attribute provides more information about the policy and its use by the library. The description may be up to 60 characters in length. Although the Description attribute may contain spaces and punctuation, the pipe character (|) cannot be used.
All SirsiDynix Symphony users may be grouped into one of five hierarchical levels. The User Level attribute controls access to gateway destinations, affects the display of some fields in the client, and also is used to validate a user’s privilege to modify another user’s record. A library staff member may only modify the User Access or User Profile fields of another user’s record if his or her User Level is greater than that of the user record being modified.
| • | Extended Public level is used for non-staff members using the system who are not a part of the core public group primarily served by the library. Staff-only information does not display to users of this level, and shadowed items do not display. Libraries may also restrict access to gateway destinations, such as reference databases that may be licensed for use for only a library’s core group of users. This level is the default value for User Level. |
| • | Public level is used for non-staff users in the library’s core service group. Staff-only information does not display to users of this level, and shadowed items do not display to these users. |
| • | Staff level is used for library employees who, as a consequence of training and job function, need to see fields such as Item ID and Staff Comments and need to search for shadowed items. STAFF-level users may modify user access levels of PUBLIC and EXTENDED PUBLIC-level user records. |
| • | Supervisor level is intended for use by library staff supervisors. Users with this level may modify user access levels of STAFF, PUBLIC, or EXTENDED PUBLIC-level user records. Staff-only information displays for users of this level, and shadowed items display for these users. |
| • | System Administrator level is the highest level, and is intended only for the SirsiDynix Symphony administrator. Users of this level may modify the user access of any user record, including that of other SYSTEM ADMINISTRATOR-level records. Staff-only information displays for users of this level, and shadowed items display for these users. |
Select this attribute to indicate whether or not users with this User Access policy can enter accountability information. This attribute displays only if your system is configured to use the Accountability module. By default, this attribute is not selected.
This value is the number of sessions a user with this User Access policy is allowed to run simultaneously in the system. If a User Access policy and login is personal (to be used by a single staff member only), then the number of sessions for that user is one. If a User Access policy and login is to be shared (used by several people in the same department or work area), then the number of sessions should be equal to the number of staff users. This number may be set as desired, from 1 to 24,999. When a user logs in, the user access associated with the user record is checked for the maximum number of simultaneous sessions allowed. If the same user is currently running other sessions, and this new session would exceed the number allowed by the user access, SirsiDynix Symphony responds with the following message.
CIRC will exceed maximum allowed logins. Goodbye.
For example, the number of simultaneous users is set to one for the CIRC User Access policy, then a user record, called CIRC-MAIN, that uses this access is only permitted to login once. However, another user that is registered as CIRC-BRANCH, using the same User Access Policy (CIRC), will also be allowed to login once.
A user may have an access type or PERSONAL or SHARED.
| • | Personal is for an individual. If a login is personal, it will allow the user to go directly to his or her own personal information, including User Services or My Account information and the My Favorites information in the e-Library, with the ability to configure how My Favorites works and the ability to add My Favorites with the Tell-Me-When button. This access type is the default value for Access Type. |
| • | Shared is for multiple users. If a login is shared, then the user will be prompted to type a User ID or PIN for identification before accessing User Services information. |
Users must have a PERSONAL access type to see My Account information in the e-Library.
The delivered NOACCESS User Access policy must have a SHARED access type.
The PIN of a shared user cannot be changed through the e-Library.
This attribute assigns a list of request types to a user. When using the request buttons in the e-Library, a user may select a request type from those listed. Only request types on the user’s Request List display. This attribute references the Request List policies. The request types are defined in Request Type policies. Select a request list from the list. Use the Request List Policy helper (Request List Wizard) to create or modify Request List policies, if needed.
Note: This attribute is required
Each Access Control policy must include a command list. This attribute references the Command List policies. Select a command list from the list. Use the Command List Policy helper (Command List Wizard) to create or modify Command List policies, if needed.
Note: This attribute is required.
Each User Access policy may require access to one or more report groups. This attribute specifies which report groups may be used while in the Report module. Use the Policy List gadget to select report groups. If no report groups are specified in the Reports attribute, the following message appears when report wizards are selected.
No report groups have been permitted
This attribute allows a SirsiDynix Symphony administrator-defined set of properties to be selected from the property list. The client properties specify which fields display in the window, which helper and activities can be performed in each window, and the default values for required fields. The properties file, named site, is the default for all existing User Access policies. This attribute can contain NONE if no default properties should be downloaded, or can contain the name of a file from the /Unicorn/Config/Properties directory. Assigning a named properties file to a User Access policy permits all logins that are associated with that user access to share the same wizard customizations.
Note: Two files in the /Unicorn/Config/Properties directory, system and wfsconfig, are for internal use and are not included in the list of files to select.
When a User Access policy is created or duplicated, an existing properties file should be selected. By default, the properties file is empty, so that system-wide properties are applied until the SirsiDynix Symphony administrator saves properties for a given user access on the server.
For more information about the properties file, see SirsiDynix Symphony Administrator Tasks.
If you select the Show Customized Policy List check box, the user login linked this User Access policy will see customized policy lists (for the library of this user’s login) in the WorkFlows client and in the e-Library clients. If you clear this check box, the user will see the complete list of policies available on the system. Customized lists appear in wizard lists and policy selection gadgets, such as the Policy List gadget. For more information, see the Customize Policy List Helpers.
This attribute restricts toolbar files to particular groups of users. Click the Policy List gadget for this attribute, and the toolbar files from the /Unicorn/Clients/Toolbar/Workflows and /Unicorn/Clients/Toolcust/Workflows directories are presented for selection. Select the approved toolbars for this User Access policy. When a user logs in with a login linked to this policy, he or she will only have access to the allowed toolbars, in addition to any toolbars saved locally. If you do not select any toolbars for the Toolbar List attribute, all toolbars will be available to the user.
This attribute specifies the number of seconds for which the password is valid for a user with this user access.
Note: This attribute only appears if the system is configured to use passwords.
Clicking the Access List tab displays folders that represent the SirsiDynix Symphony modules installed on your system. Folders for modules not available on your system appear in grey. Clicking the plus sign next to a folder displays the available wizards for a module. Selecting the User Access policy name check box selects all available modules and wizards. Selecting a module folder check box automatically selects all of the wizards within that module. Clear the check boxes for the modules and/or wizards to which you do not want this user to have access.
When creating a new User Access policy, you must first save your changes on the Basic tab, select the new User Access policy from the policy list, and click Modify before you can make selections on the Access List tab.
SirsiDynix delivers access lists for ADMIN, SIRSI, PUBLIC, CIRC, TECH, SCANNER, and WEBSERVER.
If you do not want users with this user access to be able to save properties to the server, do not include the Save Properties wizard in the access list.
In order to use the Hyperion wizards, the SirsiDynix Administrator first needs to review Understanding User Access and Security in Hyperion and select or clear the Resource Manager wizard in the “Other” access list.
Clicking the Access List for StaffWeb Client tab displays folders that represent the folders, tabs, buttons, and reports available in StaffWeb.
Clicking the plus sign next to a folder displays the available tabs and buttons for the folder. In the Report folder, clicking the plus sign next to the folder displays the available report groups and individual reports. Selecting the User Access policy name check box at the top of the access list selects all available folders, tabs, buttons, and reports. Selecting a folder check box automatically selects all of the tabs, buttons, or reports within that tab. Clear the check boxes for the folders, tabs, buttons, and reports to which you do not want this user to have access.
When creating a new User Access policy, you must first save your changes on the Basic tab, select the new User Access policy from the policy list, and click Modify before you can make selections on the Access List for StaffWeb tab.
SirsiDynix delivers StaffWeb access lists for ADMIN, SIRSI, PUBLIC, CIRC, TECH, SCANNER, and WEBSERVER.
The ERMS tab displays the Serials Solutions ERMS account information for this user access. When a user clicks the ERMS wizard on the Acquisitions or Serial Control toolbar, the wizard launches a browser, and automatically logs in to the Serials Solutions ERMS application with the following URL and account information.
ERMS account information is never saved to a user’s workstation.
The ERMS tab displays the following attributes.
| • | URL |
| • | Account |
| • | Password |
This attribute stores the Serials Solution ERMS URL. Currently, there is only one URL, http://www.serialssolutions.com/cc/login.asp. Others will be added in future versions of SirsiDynix Symphony. This field can contain up to 256 characters.
This attribute stores the ERMS user’s account name, which is typically an email address. The account name can be up to 60 characters in length.
This attribute stores the ERMS user’s password, which can be up to 60 characters in length. When typed, the password will be masked with asterisks.
Related topics
Access Control Configuration Wizards
SirsiDynix Symphony Administrator Tasks
© 2006, 2014 SirsiDynix