[Koha] Minimum permissions needed for patron search

Katrin Fischer katrin.fischer.83 at web.de
Tue Sep 12 06:48:39 NZST 2023


Hi all,

there is a bug with some discussion on this:

*Bug 30230*
<https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230> -
Search for patrons in checkout should not require edit_borrowers permission

Hope this helps,

Katrin

On 08.09.23 16:52, Сычев Игорь Алексеевич wrote:
> Hi Joel!
> Earlier I wrote about a similar problem.
> https://lists.katipo.co.nz/public/koha/2023-April/059340.html
> I have tried different options, the search ends with an error if "edit_borrowers" is not allowed.
> Now, in version 23.05.03, the problem remains.
>
> Good Luck!
>
> Igor A. Sychev
> Tomsk Polytechnic University
> https://lib.tpu.ru
>
>
> -----Original Message-----
> From: Koha <koha-bounces at lists.katipo.co.nz> On Behalf Of Coehoorn, Joel
> Sent: Friday, September 8, 2023 9:00 PM
> To: koha <koha at lists.katipo.co.nz>
> Subject: [Koha] Minimum permissions needed for patron search
>
> We're a small college using Koha for our library circulation. Our library uses workstudy students to man the desk and do *basic* circulation tasks.
> Anything advanced, like adding or receiving holds, fines, etc, and the student will get an actual librarian.
>
> These workstudy students are also regular patrons, so the workstudy job is accomplished with a dedicated login, with the password saved on the circulation PC so the students don't actually know how to log in as a staff person otherwise. FERPA and related laws require us to treat this as an extremely low-trust position. Historically, this login has only had the "View Patron Infos from any Libraries (view_borrower_infos_from_any_libraries)" permission in the "Add Modify Patron Information (borrowers)" section. We also use SAML for authentication.
>
> Recently, this account is no longer able to search for patrons by name. If a student comes to the desk to check out a book and forgets their card, our workstudy account used to be able to search them by name and proceed with the checkout process. Now, this enters a SAML redirect loop trying to validate permissions for the login, which is detected and broken with an error by the identity provider. I can't find where in Koha, if anywhere, this is being logged to help resolve it. They are otherwise able to circulate material if they can look up the patron by barcode.
>
> I discovered the problem goes away if we add the "Add, modify and view patron information (edit_borrowers)" to the login. Then they are able to continue circulation as normal. However, we don't want this account to be able to add or modify borrowers, especially as this information all syncs from our student information system. We don't want manual edits... ever.
>
> How can I fix this? Why do we need to give edit permissions just to do a search?
>
> *Joel Coehoorn*
> Director of Information Technology
> *York University*
> Office: 402-363-5603 | jcoehoorn at york.edu | york.edu
>
> *Please contact helpdesk at york.edu <helpdesk at york.edu> for technical
> assistance.*
>
>
> The mission of York University is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society
> _______________________________________________
>
> Koha mailing list http://koha-community.org Koha at lists.katipo.co.nz
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha

