Security Overview
Last updated
Last updated
Security is based on user ID. In order to access Circulation, a user ID must be set up for the user in User Profile. Once user IDs are defined, they can be assigned to one or more user groups. Each user group can be linked to one or more security IDs. The security ID is then linked to a menu item (menu, submenu, and/or menu option) or transaction type.
Access to menu items is restricted by security ID. This means that if a menu item has been assigned a security ID, only users in user groups linked to that security ID may access the menu item. Only one security ID may be assigned to a menu item, and if a menu item is not assigned a security ID, all users may access it. The same basic rules apply to transaction types.
You may also set up field level security for devices, companies, publications, and reason codes. And, security thresholds can be defined to limit the number of days or dollars entered in complaints, expire changes, extend grace transactions, grace writeoffs, and subscription payment adjustments.
One other area that is protected by security is spool files. Reports that are saved to spool must have a security setting (i.e. a security ID). This is specified in the View & Print Options window (see Viewing and Printing Reports in the User Manual). If a user ID does not belong to a user group (or their user groups are not linked to a security ID), the user will not be able to run reports in Circulation. So, you should have at least one security ID that is valid for all users.
The diagram below is an example of how security might be set up.
In this example, Dick is the accounting manager. He is part of user group ACCTMGR, which is linked to security ID ACCT. This allows Dick access to options on the Accounting menu. He occasionally enters Customer Service, so he is also part of user group SERVICES. However, he cannot access the Setup menu.
Jane is the system administrator. She is linked to user group SYSADMIN. Since the system administrator might need access to Circulation at any level, SYSADMIN is linked to all security IDs, and is thus able to access all menu items and transactions.
Mike is a Customer Service associate. He is linked to user group SERVICES. The diagram shows that he has access to Customer Service, and may modify payments.
Jim is a district manager. He is part of user group DM, which means he is linked to security ID ALL. At this site, security ID ALL is used for spool security. Jim cannot access the Setup or Accounting menus or Customer Service, but he can access all other menu items (because there is no security on them). Note that all other user groups are also linked to security ID ALL—that is because all users will use ALL for spool security.
Now let’s say we have a new employee, Alice. She will be a Customer Service associate. To add Alice as a user and give her appropriate security clearance, we would first set up a user ID for her in User Profile. Then we would select Specifics | User Group and add her to the group SERVICE and, of course, to ALL.
When planning security, it is a good idea to start by determining which menu items and transactions need to be secured. Look at the combinations of users that can access these items: for each different combination, you will need a different security ID. Once you have determined the security IDs, try to organize the users that need access to the same security IDs into functional groups (such as Customer Service, Accounting, and Publishing). Once you know the menu items/transactions that need to be secured, and the users, user groups and security IDs that will need to be set up, follow the steps below to define security.
Define user groups (described below).
Define individual users (see ) and set up Customer Service preferences for them (see ).
Link the users to the user groups (see )
Define security IDs (see ).
Link security IDs to user groups (see ).
Enter the menu security, if you will use it (see ).
Enter the transaction security, if you will use it (see ).
Enter field security, if you will use it (see ).
Enter security thresholds, if you will use them (see ).
Note: The can be a useful tool in planning and updating security.
