The Privilege tab contains security and privilege information for a user. The Privilege tab displays when using the Modify User wizard and the New User Registration wizard. This tab contains the following user information fields.
| • | BLUEcloud Staff ID |
| • | Claims Returned |
| • | Override |
| • | Password |
| • | PIN |
| • | Privilege Expires |
| • | Status |
| • | Web Auth ID |
These fields may also display if your system is configured to use passwords.
| • | Date Last Failed |
| • | Date Last Modified |
| • | Number of Failed Logins |
This field may contain a BLUEcloud identification key (an email address or user name) that associates a Universal Admin user with a SirsiDynix Symphony user.
The purpose of the BLUEcloud Staff ID field is to allow authentication between BLUEcloud products and SirsiDynix Symphony via Universal Admin; if the Email/User Name value entered by the Universal Admin user matches the value in this field, the user is allowed access to the SirsiDynix Symphony database.
Important: The BLUEcloud Staff ID field is case sensitive in the SirsiDynix Symphony database; the value in the Email/User Name field in the Universal Admin user account and the value in the BLUEcloud Staff ID field in the corresponding SirsiDynix Symphony user record must be exactly identical, including any uppercase and lowercase characters.
This field contains the number of times a user has claimed to return items. This field is automatically updated when an operator puts a claims returned date in the charge record.
This field contains the date that someone last entered the user’s user ID, then incorrectly entered the user’s password. This field displays only if your system is configured to use passwords.
This field contains the date that the user’s password was last changed, either through the public access catalog or by using a library staff wizard. This field displays only if your system is configured to use passwords.
This field contains the number of times that someone entered the user’s user ID, then incorrectly entered the user’s password. This field displays only if your system is configured to use passwords.
An override must be entered to manually change the editable fields on the Privilege tab. The Override field allows you to enter the override code. If you do not know the override code, see your SirsiDynix System Administrator.
SirsiDynix Symphony can be configured to use encrypted passwords at least six characters in length instead of using PINs to allow access to SirsiDynix Symphony and user information. Any entered password is checked against a password cracking utility; passwords that are security risks are rejected. The user’s access level is compared to the record’s access level. If the user’s access level is not at least one level above the record’s access level, the login PIN or password on the Privilege tab cannot be seen or modified. Even if the global policies governing the display of PINs and passwords are set for the user to view them, the PINs and passwords will not display if the user access level is not high enough to view or modify them.
Note: The exception is the System Administrator level, since one user with System Administrator privileges can modify the record of another user with System Administrator privileges.
For information about global policies that affect the use of PINs by the system and the display of the PIN and Password fields in WorkFlows, go to the Global Configuration wizard.
The PIN (Personal Identification Number) is a personal code optionally assigned to every user in the system. If both the user ID and PIN are entered correctly, you can access confidential information about your circulation status. The primary purpose of the PIN is to provide an extra level of security when permitting patrons to place their own holds and to view their charges, holds, bills, and requests.
Default PIN behavior
By default, SirsiDynix symphony generates random, 1 to 10 digit PINs during User registration. These PINs can be changed to uppercase letters or to a combination of letters and numbers. Letters in PINs are automatically saved as uppercase. Under the default setting Symphony automatically uppercases the letters in PINs during login, so that PINs are effectively case insensitive.
Policy PIN behavior
If Use Policy PINs is enabled, an administrator may define specific PIN requirements in the User PIN Policy wizard. All new PINs, whether generated automatically or defined manually, must meet those PIN requirements.
With Use Policy PINs enabled, PINs are case sensitive. This changes the behavior of the PIN during login. Any patron who has a PIN that was created prior to the configuration change will have to manually uppercase the letters in the PIN during login.
The PIN policy is enforced through two different settings: each User Access policy has a Type attribute that designates a user as PUBLIC, and the library has configured the system to require PINs for certain activities for PUBLIC user access.
This field contains a date after which the user may no longer have circulation privileges. This field is automatically entered based on the user’s profile. When modifying a user, entering a different date in this field changes the length of this user’s privilege. After entering a new date in the Privilege Expires field, enter the override code in the associated Override field.
Note: In the Modify User wizard, if you attempt to modify the privilege expiration date, but have the Profile Modified/Auto Extend Privilege property enabled, the privilege limit date in the user profile will always overwrite the custom privilege date. The wizard will display a confirmation message explicitly stating the new date.
In the New User Registration wizard, if you change the user profile and change the privilege expiration date using an override, the custom privilege date will be used rather than the privilege limit date defined in the user profile.
This field contains the user’s circulation status, such as BARRED, BLOCKED, DELINQUENT, or OK.
| • | BARRED means users cannot checkout items. A user cannot be automatically barred or unbarred. This status must be set or removed by a workstation operator with special privileges. |
| • | BLOCKED designates users with unpaid bills and accrued fines that reach a certain amount or they have a certain number of overdue items as defined in the policy file. A special override operator is required to check out items to a blocked user. |
| • | DELINQUENT designates users with unpaid bills or overdue items. Delinquent users can still check out items and have all the other privileges of OK users, but the workstation operator will be warned that the user is delinquent. |
| • | OK means users have full library privileges as defined in the policy file. |
In addition to these delivered user statuses, you may also have custom user statuses as defined in the User Standing policies. When custom User Standing policies are present, the custom user statuses that will display will include the following.
| • | Custom User Standing policies with a delinquency type of BARRED. As with the delivered BARRED status, they must be set or removed by a workstation operator with special privileges. |
| • | Custom User Standing policies with an Auto-replace setting of Never. |
| • | Custom User Standing policies with an Auto-replace setting of Raise Only whose delinquency type is equal to or more restrictive than that of the user’s current user status. |
Note: If the user status is BARRED or a custom user status with a delinquency type of BARRED, you can change the user status to the correct circulation status by selecting Reinstate User in the Status list. The Reinstate User selection displays in the Status list only when the user’s status is currently BARRED or a custom user status with a delinquency type of BARRED.
The BLOCKED, DELINQUENT, and OK statuses are maintained by the system. If you change a user’s status from BARRED or a custom user status with a delinquency type of BARRED to OK using the Reinstate User selection, the system may instead set the status to BLOCKED or DELINQUENT if the user has unpaid fines or overdue items.
This field may contain a Web authentication key from the centralized authentication server. This ID works behind the scenes to verify that the user is authorized to use library services.
The purpose of the Web Auth ID field is to allow user authentication to Lightweight Directory Access Protocol (LDAP) compliant servers. User records containing data in the Web Auth ID field can be authenticated against a LDAP server.
It is possible to configure the User Search helper to allow searching by the Web Auth ID field. See the User Search Fields global configuration policy for more information.
Note: If you are interested in using the LDAP User Authentication feature contact your SirsiDynix Client Sales consultant for pricing and scheduling information.
© 2006, 2014 SirsiDynix