I have been thinking about the current intranet security setup whereby any staff member can access any part of the intranet. Is this the policy in the libraries that are currently using Koha? It may be important to some of the larger systems (where more than a dozen people are using the intranet) to increase the levels of password protection. My concern is less of a control issues and more of an "oops I just deleted our main branch" issue. Even adding one more layer by seperating the admin from the normal staff functions might be useful. Even better, maybe users could be added and given "permission" to access parts of the intranet. What does everyone think? Joshua
Can anybody point me to a web host already familiar with Koha in the New York City area? Thanks. Davida NKR Associates Inc 201-947-8039 mailto:dscharf@NKRassociates.com www.NKRassociates.com
Hello all, I believe we already have this with C4::Auth.pm and things like member flags. Chris, want to expound on this? ;-] Mike
On Fri, Apr 18, 2003 at 08:34:24PM -0400, Joshua Ferraro said:
I have been thinking about the current intranet security setup whereby any staff member can access any part of the intranet. Is this the policy in the libraries that are currently using Koha? It may be important to some of the larger systems (where more than a dozen people are using the intranet) to increase the levels of password protection. My concern is less of a control issues and more of an "oops I just deleted our main branch" issue. Even adding one more layer by seperating the admin from the normal staff functions might be useful. Even better, maybe users could be added and given "permission" to access parts of the intranet. What does everyone think? Joshua
Hi Joshua We already have something like this implemented. Users (be they members or staff) have a set of flags set that regulate what they can and cant do in koha. Currently this is the set of perimission available http://hlt.katipo.co.nz/cgi-bin/koha/member-flags.pl?member=12739 Its pretty simple to extend that more though. Hope this helps Chris -- Chris Cormack Programmer 027 4500 789 Katipo Communications Ltd chris@katipo.co.nz www.katipo.co.nz
Joshua Ferraro wrote:
I have been thinking about the current intranet security setup whereby any staff member can access any part of the intranet. Is this the policy in the libraries that are currently using Koha? It may be important to some of the larger systems (where more than a dozen people are using the intranet) to increase the levels of password protection. My concern is less of a control issues and more of an "oops I just deleted our main branch" issue. Even adding one more layer by seperating the admin from the normal staff functions might be useful. Even better, maybe users could be added and given "permission" to access parts of the intranet. What does everyone think? Joshua
Hi Joshua, I've one good and one bad new :-) the bad being you're wrong. the good being you're wrong :-))) In the members area, you have an option (bottom left : modify user flag ) to choose between 11 differents actions a librarian can do in the DB : FLAGS superlibrarian Access to all librarian functions circulate Circulate books catalogue View Catalogue (Librarian Interface) parameters Set Koha system paramters borrowers Add or modify borrowers permissions Set user permissions reserveforothers Reserve books for patrons borrow Borrow books reserveforself Reserve books for self editcatalogue Edit Catalogue (Modify bibliographic/holdings data) updatecharges Update borrower charges Note that all users can't do anything by default : most users are just borrowers, not librarians. -- Paul POULAIN Consultant indépendant en logiciels libres responsable francophone de koha (SIGB libre http://www.koha-fr.org)
participants (5)
-
Chris Cormack -
Davida Scharf -
Joshua Ferraro -
Mike Hansen -
paul POULAIN