Hi Joel What about your work-study students being assigned a second account as staff where you set the permissions needed?
Don't remember the staff permissions details but I guess there might be one that will fit your needs. Regards, Alvaro |----------------------------------------------------------------------------------------| Stay safe / Cuídate/ Reste sécurisé *7* Switch off as you go / Apaga lo que no usas / Débranchez au fur et à mesure. *q *Recycle always / Recicla siempre / Recyclez toujours P Print only if absolutely necessary / Imprime solo si es necesario / Imprimez seulement si nécessaire Le ven. 8 sept. 2023 à 09:01, Coehoorn, Joel <jcoeho...@york.edu> a écrit : > We're a small college using Koha for our library circulation. Our library > uses workstudy students to man the desk and do *basic *circulation tasks. > Anything advanced, like adding or receiving holds, fines, etc, and the > student will get an actual librarian. > > These workstudy students are also regular patrons, so the workstudy job is > accomplished with a dedicated login, with the password saved on the > circulation PC so the students don't actually know how to login as a staff > person otherwise. FERPA and related laws require us to treat this as an > extremely low-trust position. Historically, this login has only had the > "View Patron Infos from any Libraries > (view_borrower_infos_from_any_libraries)" permission in the "Add Modify > Patron Information (borrowers)" section. We also use SAML for > authentication. > > Recently, this account is no longer able to search for patrons by name. If > a student comes to the desk to checkout a book and forgets their card, our > workstudy account used to be able to search them by name and proceed with > the checkout process. Now, this enters a SAML redirect loop trying to > validate permissions for the login, which is detected and broken with an > error by the identity provider. I can't find where in Koha, if anywhere, > this is being logged to help resolve it. They are otherwise able to > circulate material if they can lookup the patron by barcode. > > I discovered the problem goes away if we add the "Add, modify and view > patron information (edit_borrowers)" to the login. Then they are able to > continue circulation as normal. However, we don't want this account to be > able to add or modify borrows, especially as this information all syncs > from our student information system. We don't want manual edits... ever. > > How can I fix this? Why do we need to give edit permissions just to do a > search? > > *Joel Coehoorn* > Director of Information Technology > *York University* > Office: 402-363-5603 | jcoeho...@york.edu | york.edu > > *Please contact helpd...@york.edu <helpd...@york.edu> for technical > assistance.* > > > The mission of York University is to transform lives through > Christ-centered education and to equip students for lifelong service to > God, family, and society > _______________________________________________ > > Koha mailing list http://koha-community.org > Koha@lists.katipo.co.nz > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
