2019-10-09 User Management Meeting notes
- Uschi Klute
Meeting URL
Date
Attendees
- Maura Byrne
- Uschi Klute Klute
- Philip Robinson
- Jana Freytag
- Catherine Smith
- Michelle Suranofsky
- Nancy Burford
- Wayne Schneider
- Stefanie Sußmann
- Thomas Paige
Goals
Notetaker: ???
- Additional fields. While talking about implementing Users, some RA folks said that there were some things, like Statistical fields, that are essential to our functioning. We were going to use custom fields for that, but I was asked whether other libraries needed Statistical fields. If there were enough of us who needed statistical fields, we could advocate for them as additional fields instead of custom fields. The discussion has begun in Jira ticket
UXPROD-1295 - Users App: Add phone number type and email validation to user records Closed , and I’d like to have some discussion at our meeting. Wayne Schneider from Index Data will be joining us for this part of the meeting, so I’m putting it first.
More JIRAs for this topic:UIU-1196 - Users App: Create/Edit/View Form: External System IDs Open
- Statistical fields
- Björn (cannot attend today) wrote: Regarding Statistical fields, Leipzig would use Custom fields for that.
- Statistical Categories
- We had discussed as part of departmental field - ended up deciding for that as a default field with its own Jira
- Sense that we would use custom fields for these needs?
- External System ID: discuss the mockup: https://issues.folio.org/secure/attachment/21777/NEW%20external%20ID%20to%20UI.png
- Statistical fields
- Patron Notes: We had this on the agenda last week, but we postponed.
Notes, especially regarding tickets for external ID and departments- Feature request for notes on records being displayed in pop-up or other contexts. (Steffi)
- Because this involves the Check in and Check Out apps, this may end up needing to be a feature request for RA to manage.
- Last week we had a discussion about whether blocks would function - can we get an information block? Or something on the notes with a flag?
- Active/Inactive vs. Expiration date. Patty has updated
UIU-1255 - Changing user status to inactive requires expiration date change but no error message appears to tell you that Closed . Patty wants to discuss what we think would be the requirements to get this to work the way we want it to.
- Björn wote: Regarding Active/Inactive vs. Expiration date I think Active/Inactive should be able to be set manually at any time and Inactive should also be triggered by Expiration date. An error message that the expiration date must be set (as stated in UIU-1255 screenshots) is not a good option for us.
- Erin: Cate Boerema mentions in a comment that she thinks that part of the buggy behavior is because we are trying to allow both things – manually setting it, and having it controlled by the expiration date. She may be getting developer feedback in that, I don’t know.
Because we have decided that an expired account should not be allowed to be active (which makes sense, logically) there needs to be some sort of code that connects the two features.
Cate mentions a use case where FOLIO active / inactive controls the ability to log in. I know that Jana has also mentioned that too many password errors flips a user to inactive as well. So, we have use cases (from this and from https://folio-org.atlassian.net/wiki/display/UM/Active+and+Inactive+Status)
- If a user record exists, but they should not be allowed to log in, you would flip the patron to inactive.
- Presumably you could also do this by removing all permissions from the record.
- This is a manual use case.
- If a user tries a bad password too many times, they become inactive.
- This is a basic need – if we removed it, it would have to be compensated for somewhere else.
- This is an automated use case.
- Patron has lost their card, or access to their account needs to be temporarily suspended.
- This falls under the category of “temporary suspension of patron privs” as opposed to temporary suspension of operator privs.
- This could potentially be handled through user blocks.
- This is a manual use case.
- If a user record exists, but they should not be allowed to log in, you would flip the patron to inactive.
FYI: More Wiki pages for Users (by Erin): Users App and Settings - Users and Settings - Circulation - Circulation Rules Editor
If we have additional time:
- Multiple Phone numbers
- multiple e-mail addresses - There is no JIRA for this? (Uschi)
- More topics from the Open Topics list
Action items from last meetings
- (Too strict) Password Rules
- Patty will talk to Khalilah
- Can group decide on changes we would like to see?
- Was password strength covered by the Security Audit - were there requirements there that they were trying to meet?
- We need password strength checking through the New User process - right now, the new user creation allows any password, and the rules kick in with password change.
- But, if you create a new user with an empty password, you can then send them a link to create a password and that does follow the rules
- Do we know where the feature is for tenant level control / customization?
- Patty will ask Khalilah just to confirm what's being planned for Custom Fields
- Patty will reach out to Holly to get a sense of what might be possible concerning Notes
- Patty will create a feature to add validation to the (required) e-mail field
(see also - Patty will file a bug or feature to have Expiration date and Status actually decoupled from each other. (also refering to
- Patty creates a JIRA issue: The field Birth date is not validated, you can enter a date in the future.
- Patty suggests that Theodor Tolstoy presents the Chalmers SSO solution to us at one of the next meetings. Patty will reach out to Theodor to see about scheduling a time.
- Patty will file a feature to work on password rules. It's difficult to find out which character combinations are allowed → It's not userfriendly. Proposal: make the password strength configurable
-
- Patty will work on a story for preferred name/preferred pronouns
- Patty will create a feature request for deleting user data.
- Patty will ask Magda (the reporter on
Notes
- ...
- ...
Open Topics
| Item | Who | Notes | Discussed Today? | Resolution / Next Steps | Carry topic? |
|---|---|---|---|---|---|
Searching by specific fields | Erin | Right now Users has general keyword searching; we will want to be able to search specific fields - IDs, emails, addresses, notes? Perhaps one of these issues fits:
|
| Yes; this is not yet resolved. | |
| Pop-ups on user transactions | Steffi | notes may be used for communication about users, and pop-ups on user transaction (or displaying of notes) is desired. Khalilah indicated this should be raised as a new feature request. |
| ||
Deleting User Records | Erin | Discussing the need for deleting patron records (no Jira currently; need for one discussed in comments of https://folio-org.atlassian.net/browse/UIU-1079)
|
| ||
| Password validation | Uschi | refering to Action Item "Create Feature for password rules" This is the story for the validation of passwords:
Some of the rules seem to restrict too much. We would like to configure the password strength. See configuration options in the ILS the GBV libraries use now (at the bottom of this page) | |||
| Custom Fields | Uschi |
the tag cap-mvp has been removed, but development goes on
| The tag was removed, and this was dropped from the MVP due to capacity (discussed at RA SIG meeting) We can and probably should review the requirements that Khalilah has generated; they are attached to the master Jira. | ||
| Relevant JIRAs we talked about |
| yes |
UXPROD-869