[Koha] Minimum permissions needed for patron search

Alvaro Cornejo cornejo.alvaro at gmail.com
Sat Sep 9 02:10:14 NZST 2023


Hi Joel

What about your work-study students being assigned a second account as
staff where you set the permissions needed?

Don't remember the staff permissions details but I guess there might be one
that will fit your needs.

Regards,

Alvaro





On Fri, Sep 8, 2023 at 09:01, Coehoorn, Joel <jcoehoorn at york.edu> wrote:

> We're a small college using Koha for our library circulation. Our library
> uses workstudy students to man the desk and do *basic* circulation tasks.
> Anything advanced, like adding or receiving holds, fines, etc, and the
> student will get an actual librarian.
>
> These workstudy students are also regular patrons, so the workstudy job is
> accomplished with a dedicated login, with the password saved on the
> circulation PC so the students don't actually know how to log in as a staff
> person otherwise. FERPA and related laws require us to treat this as an
> extremely low-trust position. Historically, this login has only had the
> "View Patron Infos from any Libraries
> (view_borrower_infos_from_any_libraries)" permission in the "Add Modify
> Patron Information (borrowers)" section. We also use SAML for
> authentication.
>
> Recently, this account is no longer able to search for patrons by name. If
> a student comes to the desk to check out a book and forgets their card, our
> workstudy account used to be able to search them by name and proceed with
> the checkout process. Now, this enters a SAML redirect loop trying to
> validate permissions for the login, which is detected and broken with an
> error by the identity provider. I can't find where in Koha, if anywhere,
> this is being logged to help resolve it. They are otherwise able to
> circulate material if they can look up the patron by barcode.
>
> I discovered the problem goes away if we add the "Add, modify and view
> patron information (edit_borrowers)" to the login. Then they are able to
> continue circulation as normal. However, we don't want this account to be
> able to add or modify borrowers, especially as this information all syncs
> from our student information system. We don't want manual edits... ever.
>
> How can I fix this? Why do we need to give edit permissions just to do a
> search?
>
> *Joel Coehoorn*
> Director of Information Technology
> *York University*
> Office: 402-363-5603 | jcoehoorn at york.edu | york.edu