Security

SYSTEM-A/TT

Table of Contents

Security preferences allow operators (with the appropriate authority) to modify existing or create their own custom security groups. Set permissions for Management (patrons/items), Tools, Circulation, Preferences, Reporting/Operations, and Researcher/Account settings. In turn, these Security Groups (assigned to individuals in Patrons Management) determine what actions operators or patrons are permitted to perform. By default, Administrator-level access are the only security groups that allows you to do this.

See also Adding Operators to learn how to add people who need different security levels; Security Best Practices; and Password Management Best Practices.

If you haven’t yet created a District Administrator for your union site, the very first time that you attempt to access the program or one of its online components (e.g. /preferences), you’ll be tasked with creating an Administrator-level operator that may be later edited, but never removed. Your first operator needs to be a District Administrator with the equivalent Security Group. The District Administrator security group is only meaningful for multi-library collection licenses (Centralized Catalog, WAN, etc.). For all other licenses, the District Administrator security group is analogous to the Library Administrator.

Security Groups

The Security Groups record list shows all default and custom security groups that are set up for your site. These can be assigned to your operators and patrons in Patrons Management. Operators with the appropriate authority can add, duplicate, edit, or remove any of the custom security groups for your site.

Each group is assigned different default settings. Default security groups, listed below, can be edited but cannot removed or renamed.

• District Administrator. Full access to every control and setting within Alexandria, including the ability to examine and change registered operators. Operators at this level can edit district-level preferences and have access to all library preferences. All other access levels can only modify records from their assigned library collections. The District Administrator security group cannot be removed or modified.
• Library Administrator. Full access to every control and setting within Alexandria, including the ability to examine and change registered operators. Operators with this security group can only edit preferences for their assigned collection.
• Librarian. Full access to every control and setting within Alexandria and Textbook Tracker, except the ability to examine registered operators and Address Books.
• Textbook Library Administrator. Full access to every control and setting to manage textbooks within Alexandria. Operators with this security group can only edit preferences for their assigned collection.
• Textbook Librarian. Full access to nearly every control and setting to manage textbooks within Alexandria.
• Library Staff. Access to all system functions and reports, except for Preferences, Imports, and Utilities.
• Library Aide. Access to Alexandria Librarian capabilities and standard circulation commands, with the authority to allow restricted actions. For example, if a patron has too many books issued, a warning message appears when the patron tries to check out another book. With this security group, the library aide can override the message and allow the patron to check out another book.
• Bulletin Board Manager. Patron-level access with the ability to manage holds, reservations, perform renewals, and add reviews.
• Patron (default). This is the default security group for all newly created patrons. The only settings that can be modified in this security group are permissions for their own patron account, such as the ability to place holds and reservations when using Researcher.
• Patron Limited. For convenience, this is essentially the same as the Patron security group, but you are able to modify most permissions.
• Self-Service. Supports Student Aide privileges with the addition of the Check In and Bookdrop circulation commands. The Circulation window is allowed for Bookdrop mode only. At this security level, overdue fines are automatically recorded with no opportunity to accept payment or forgive/adjust fines. Fines are still displayed in the transaction log.
• Student Aide. Access to Alexandria Librarian capabilities and standard circulation commands, but no authority to allow restricted actions

Add a new Security Group

Only users with the appropriate security group settings can add, remove, or duplicate security groups.

Click the add (+) button in the module header.

---

Permissions

On the right side of the window, security settings are grouped by tabs.

• Account
• Management
• Circulation
• Tools
• Operations
• Preferences

These settings define what a user assigned to this security group will have access to. Settings in the dropdown menus are listed top to bottom from least to most access.

Use the dropdown menus in each tab to enable or disable security preferences for the group you’ve selected. For each permission, users assigned to that security group will have access to/can perform the functions they’ve they’ve been assigned plus all lower-level actions/functions listed above.

---

Account

How users interact with their account.

Security Level. Security Level controls which security groups a user can modify. For example, patrons assigned a security group with Security Level 2 can only modify groups with a Security Level of 3 or lower (3, 4, 5). However, this rule does not apply to District Administrators (Level 0).

• 5 – Patron
• 4 – Aide
• 3 – Staff
• 2 – Librarian
• 1 – Administrator
• 0 – District Administrator

Password Strength. Patron passwords must meet the set requirements. Passwords are not case sensitive.

• None: no requirements
• Weak: At least 6 characters.
• Regular: At least 8 characters, including at least one letter (a-z) and one number (0-9).
• Strong: At least 10 characters, including at least one letter (a-z), one number (0-9), and one symbol (!@#$%^&*-=+.,).

Patron Status

This controls what your patrons can do when in Patron Status.

Patron Status.

• Patron Status.
  • No Access
  • Basic Access → currently this means you can not view contact/password information at all.
  • View Contact Information → can view your Account tab with contact information but can not edit it.
  • Edit Contact Information
  • Edit Username and Password
  • Edit
• Manage holds. Allow patrons to edit and remove their own holds.
• Manage reservations. Allow patrons to edit and remove their own reservations.
• Renew library items. Allow patrons to renew their library items (does not apply to Textbooks).
• Make payments. A patron can pay charges with their available credit.

Reviews

See Reviews Security.

• Reviews.
  • View → can see reviews but can not Add or Edit their own reviews
  • Add – Requires Approval → also allows user to Edit their own reviews
  • Add – Always Approved → also allows user to Edit their own reviews
• Show Reviewer As.
  • Anonymous
  • Initials
  • Full First Name and Last Name Initial
  • Full First and Full Last Name

---

Management

Give operators access to management modules.

• Patrons. This controls access to Patrons Management as well as patron operations.
  • No Access
  • View
  • Manage Notes
  • Edit
  • Add
  • Remove
  • Import, Export, and Utilities
• Edit Patron Passwords. You may want to allow only some types of users to change patron passwords. Note that no user can see patron passwords as they are encrypted.

• Library Items. This controls high-level access to item titles.
  • No Access
  • View
  • Edit
  • Add
  • Remove
  • Import, Export, and Utilities
• Library Copies. You may limit some users to editing copies only (at their site).
  • No Access
  • View
  • Manage Notes
  • Edit
  • Add
  • Remove
• Textbook Items.
  • No Access
  • View
  • Manage Notes
  • Edit
  • Add
  • Remove
  • Import, Export, and Utilities
• Textbook Copies.
  • No Access
  • View
  • Manage Notes
  • Edit
  • Add
  • Remove

Builder

Control access to these management parts of Researcher.

• Builder (manage). Note that operators can only modify builder settings if they also have access to site/system preferences.
• Reviews.
  • No Access
  • View
  • Edit
  • Remove
• Maps.
  • Remove
  • View
  • Edit
  • Add
  • Remove
• Explore Builder.
  • No Access
  • View
  • Edit
  • Add
  • Remove
  • Import, Export, and Utilities
  • Import and Export
• Bulletin Builder.
  • No Access
  • View
  • Edit
  • Add
  • Remove

---

Circulation

Choose which parts of circulation that operators are allowed to perform.

• Library Circulation.
  • No Access
  • Perform
  • Import, Export and Utilities
• Textbook Circulation.
  • No Access
  • Perform
  • Import, Export and Utilities
• Perform circulation override. Turn this on to allow these operators to override circulation rules such as checkout limits.
• Use system patrons. Access to, for example, the Discarded patron, or marking items as Lost. Learn more about System Patrons.
• Reservations.
  • No Access
  • View
  • Manage
• Perform Advanced Bookings. Learn more about Advanced Bookings.
• Holds.
  • No Access
  • View
  • Manage

• Charges.
  • No Access → Cannot view charges or make payments.
  • View → Can view charges, but cannot make payments.
  • Make Payment → Can make a payment.
  • Forgive Charges → Can forgive (waive) all or part of any outstanding balance for fees and fines.
  • Charge Fee → Can charge an additional fee.
• Payments.
  • No Access → Cannot view charges or history, process refunds, or add credit. When a lost item is bookdropped, any charges will be posted to the patron’s account automatically.
  • View → Can view charges in Circulation > History subtab. Cannot process refunds or add credit. When a lost item is bookdropped, any charges will be posted to the patron’s account automatically.
  • Add Credit → Can add credit in the Circulation > History subtab. Cannot refund previous payments to credit.
  • Refund → Can refund previous payments.
• Use Cash Drawer.

• In Transit.
  • No Access
  • Edit
  • Add
• Self-Service.
  • No Access
  • Check In Only
  • Check Out Only
  • Check In and Out

---

Tools

Allow access to these areas only for high-level operators. 

• Manage Security. Choose which operators can modify security settings. Note that security can only be modified for groups of lower security than your own group.
• Sites.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Policies.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Calendars.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Authority Control. Access to see terms and modify them in bulk.
• Perform inventory. This controls access to the Inventory Management module as well as to circulation commands for inventorying. Learn more about Inventory.
• Activity. Logging in to and setting up the Activity kiosk.
• Routes.
  • No Access
  • View
  • Edit
  • Add
  • Remove
  • Import, Export and Utilities
• Subscriptions.
  • No Access
  • View 
  • Edit
  • Add
  • Remove
  • Import, Export, and Utilities

---

Operations

For most operators, you’ll probably set all of these options to the highest access. Note that utility (change), export, and import permissions are set elsewhere for individual data types (e.g. in the Management tab for Patrons and Items). 

There are separate tabs to control access for Librarian Operations versus Textbook Tracker operations.

Operations. This controls the Operations Queue. Note that all operators have access to their own operations from the messages drawer.

• No Access
• View Personal
• View All
• Manage All

Notices

General Notices. This is access to set up and send Notices to patrons.

• No Access
• View
• Edit
• Add
• Remove

Labels

• General Labels. Access to most labels such as barcode and spine.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Patron Labels. Because patron data may include sensitive/private information, you can choose to limit access to patron labels.
  • No Access
  • View
  • Edit
  • Add
  • Remove

Reports

• General Reports. Access to most non-sensitive reports.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Patron Reports. Because patron data may include sensitive/private information, you can choose to limit access to patron reports.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Circulation Reports. Circulation data includes what patrons have checked out and other possibly sensitive information, so you can choose to limit access to these types of reports.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Special Reports. Access to reports in the Special category. Typically these are high-level (administrator-only) reports.
  • No Access
  • View
  • Edit
  • Add
  • Remove
• Legacy Reports. Reports that are being deprecated.
  • No Access
  • View
  • Edit
  • Add
  • Remove

---

Preferences

Give high-level operators access to preferences.

System Preferences

Only allow access to system preferences to those with the authority to change settings for all sites.

• Library System Preferences.
  • Manage z39.50 servers. Learn more about z39.50.
• Textbook System Preferences.
• Manage SIS Integrations. Learn more about SIS Integrations.
• Manage Setup. Learn more about Setup preferences.

Site Preferences

Site preferences are limited to the site you are logged in to.

• Library Site Preferences.
• Textbook Site Preferences.
• Browser Preferences.

---

Textbook Tracker

These preferences are shared with Alexandria. Preferences that are specific to Textbook Tracker but are also listed in default Alexandria security groups are set to No Access. These include:

• Management > Textbook Items
• Management > Textbook Copies
• Circulation > Textbook Circulation
• Preferences > Textbook System Preferences
• Preferences > Textbook Site Preferences
• Reporting > Textbook Tracker subtab

New patrons will be automatically assigned to the Patron security group with minimal permissions. However, if the patron needs more access to Alexandria or Textbook Tracker, you can change their assigned group to one that grants more appropriate permissions. You can change any security group, with the exception of Patron, to allow the user to log in as an operator.