2019-09-25 User Management Meeting notes

Meeting URL

https://zoom.us/j/488543197

Date

Attendees

Goals

Notetaker: Maura Byrne

  • Search by specific fields – Erin was going to discuss requirements for this with the RA SIG, but if it hasn’t come up yet, we’ll discuss something else.
    (Uschi; Erin; - see 2019-09-11 Meeting notes for Uschi's test results at the bottom of the page)
  • Bulk user import – Patty was going to ask for info.
  • Deleting user records – we need to write user stories.  Have they been written?
  • Needs for PIN on user records, see what Jiras are existing, talk about requirements (Björn, others?)
  • Multiple Phone numbers UIU-254 - Getting issue details... STATUS (Erin)


  • FYI - Some news concerning Custom fields: the core functional team does work on this (Back end work), but the UX delevopment has stopped. All JIRAs in Project ui-customfields (UICFIELDS-xxx) have been set to "Open", some of them were "In Progress" before (Uschi)
  • FYI - UIU-1174 - Getting issue details... STATUS we talked about this topic last week

If we have additional time:

  • Reviewing requirements that have been created and attached for Custom Fields ( UXPROD-33 - Getting issue details... STATUS ) (Erin)
  • multiple e-mail addresses - There is no JIRA for this? (Uschi)
  • Feature request for notes on records being displayed in pop-up or other contexts. (Steffi)
    • Because this involves the Check in and Check Out apps, this may end up needing to be a feature request for RA to manage.
  • More topics from the Open Topics list

Action items from last meetings

  • Patty will create a feature to add validation to the (required) e-mail field
  • Patty will file a bug or feature to have Expiration date and Status actually decoupled from each other. (also refering to UIU-1255 - Getting issue details... STATUS )
  • Patty creates a JIRA issue: The field Birth date is not validated, you can enter a date in the future.
  • Patty suggests that Theodor Tolstoy presents the Chalmers SSO solution to us at one of the next meetings. Patty will reach out to Theodor to see about scheduling a time.
  • Patty will file a feature to work on password rules. It's difficult to find out which character combinations are allowed → It's not userfriendly. Proposal: make the password strength configurable
  • UXPROD-242 - Getting issue details... STATUS Patty will ask the CAP plan group for feedback. Erin will work with Patty to write a user story for a "thin thread" v.1 of this - a flag or checkbox on record, that if checked, would cause a record to not be updated.
  • UXPROD-259 - Getting issue details... STATUS Erin added a comment to the Jira since Cate Boerema was the reporter suggesting that it be closed.
  • Patty will write a feature about Improving Search in the Users App so that it can be ranked.
  • Patty will work on a story for the department field UIU-1224 - Getting issue details... STATUS UIU-1225 - Getting issue details... STATUS UIU-1211 - Getting issue details... STATUS
  • Patty will work on a story for preferred name/preferred pronouns UXPROD-1790 - Getting issue details... STATUS ("New feature")


Notes

Searching by specific fields

Requested by Erin N.

Erin was going to bring this up with RA-SIG, but they had a packed schedule this week and couldn't accommodate. 

Currently, user searching is a "starts-with" search that searched across all of the fields in the record.  This means that a great number of irrelevant results come back when searching for a name, for instance.  We did a test search for user "Li," and every record that began with "li" in the first name, last name, patron group, e-mail address, or barcode came up.  We could get an exact match on a barcode search and a UUID search.  This is a standard default among developers.  But the Users module is not a discovery system, so that strategy for searching is unproductive.

UM-SIG strongly preferred that we be able to do exact-match searches on last name, e-mail address and external system ID.  Also, since a drop-down box for selecting the field to search exists in the Inventory module, we'd like one for Users.

  • Patty will write a Feature Request for the enhancement os User search

Is there a canonical bulk loader for users?

This question was asked on Slack, and Theodor Tolstoy gave the answer that yes, there is.  It is the module mod_user_import.  That should be used for loading users.

Deleting User Records

This was brought up in a Slack channel, and that discussion implied that deleting records was a messy business.

Patty W. recommended that we deactivate users instead of deleting them.  Uschi K. said that was not an option in Europe, because the GDPR has to allow user data to be deleted.  Björn M. asked if a deletion feature was implicitly in the MVP.  No one could say if that was true.  Erin brought up Jira ticket UIU-1079, where a user might be anonymized on an individual basis, then purged later.  It may be possible to anonymize, then purge, a user, to comply with GDPR, but it's certainly not ideal.

  • Patty will create a feature request for deleting user data.

The specs:

  • Delete a user record.
  • Check for loans, requests and fines; Don't do the deletion if loans, requests or fines exist.
  • User permissions lock down the ability to delete a user.
  • Check for other dependencies.
    • closed loans: some institutions might want to delete even though. Perhaps a configurable per Settings?
  • We should be able to delete a user record through the API or the GUI.
    • API for batch deletions, GUI for individual deletions.

PIN for User Records

Discussion requested by Björn M.

A PIN is not the same as a password.  Earlier, FOLIO project heads considered them to be the same.  However, a PIN would be easier to use with a Self-CKO machine, especially with a line of people waiting behind you.  If you're seen inputting a PIN at a public touch screen, it would be easier to change your PIN than it would to change your password in the campus IdM system. 

This was marked "Not needed" by most institutions in UXPROD-1811

  • Patty will ask Magda (the reporter on this Jira ticket) for a status.  It may not be a UM-SIG issue.

Open Topics

ItemWhoNotesDiscussed Today?Resolution / Next StepsCarry topic?

Searching by specific fields

Erin

Right now Users has general keyword searching; we will want to be able to search specific fields - IDs, emails, addresses, notes?

Perhaps one of these issues fits:

UXPROD-1015 - Getting issue details... STATUS

UXPROD-907 - Getting issue details... STATUS (New feature)

UXPROD-869 - Getting issue details... STATUS (Epic)

UXPROD-1941 - Getting issue details... STATUS (new feature)

UIU-1028 - Getting issue details... STATUS (Story)


Yes.
  • Uschi did additional testing - see notes from 2019-09-11 Meeting notes
  • Erin to discuss with RA SIG requirements for fielded searching
  • Erin to investigate a searching 
  • Patty will create a Feature Request.
Yes; this is not yet resolved.
Pop-ups on user transactionsSteffinotes may be used for communication about users, and pop-ups on user transaction (or displaying of notes) is desired. Khalilah indicated this should be raised as a new feature request.
  • May need to be raised with RA SIG

Bulk User importErin

Does anyone know (or can tell me) what the current, supported approach is (or will be) for bulk importing user records? I can see a github for mod-user-import, jiras for that project with comments that ask if that mod is still being supported. |I can see a very old jira (https://folio-org.atlassian.net/browse/MODUSERS-3) for bulk-loading that was last updated last year.I can see a very old jira about performance improvements (https://folio-org.atlassian.net/browse/MODUIMP-4) that was last updated last 


YesTheodor Tolstoy said there was a canonical loader, and pointed it out in the Slack discussion.Yes; may need additional discussion in group as we go.

Deleting User Records

Erin

Discussing the need for deleting patron records (no Jira currently; need for one discussed in comments of https://folio-org.atlassian.net/browse/UIU-1079)

UXPROD-291 - Getting issue details... STATUS

Yes
  • Patty will make a Feature Request
  • User Stories need to be writtten
Yes
Password validationUschi

refering to Action Item "Create Feature for password rules"

This is the story for the validation of passwords: MODLOGIN-38 - Getting issue details... STATUS

Some of the rules seem to restrict too much. We would like to configure the password strength. See configuration options in the ILS the GBV libraries use now (at the bottom of this page)




Custom FieldsUschi

UXPROD-33 - Getting issue details... STATUS

the tag cap-mvp has been removed - reason? Further activities?


The tag was removed, and this was dropped from the MVP due to capacity (discussed at RA SIG meeting)

We can and probably should review the requirements that Khalilah has generated; they are attached to the master Jira.

Yes
Discussion on PIN needs for user recordsBjorn, others?Important to discuss - Because the entry of an account password (e.g. university login) in a public space, e.g. self-checkout is not very protective. The input, especially in vertically hanging touch screen monitors, is not protected from the view of others behind me. Also, if I feel someone has been watching me, I can simply change my PIN without having to change my account (university) password. This provides extra security. The principle should be the same as with a bank card, where the account password and card PIN are different. We'd all be surprised if it wasn't that way with our bank, I think. Leipzig does not need this urgently, because we need at least another 2 years for go-live. But in the long run all Saxon libraries need this.Yes.Patty will check back with the reporter of UXPROD-1811Yes

Password validation in the ILS of GBV libraries (called "LBS")

In our current ILS we can set these options:

# minimum length, default=0
# Maximum length, default=length of the newly entered password.
# Minimum number of lowercase letters, default=0
# Minimum number of capital letters, default=0
# Minimum number of digits, default=0
# Minimum number of special characters, default=0
# List of allowed special characters, e.g. /$%_-
# Unauthorized words separated by a comma. The user number is generally not allowed. Example: not,yet,or


Translated with www.DeepL.com/Translator