2024-4-2 Consortia SIG Notes

Discuss the most important functions of managing user access and permissions at the consortia level. What do administrators traditionally spend most of their time doing (Eg. Maintaining permissions sets, trouble shooting user permissions issues etc.)? Do libraries sharing an ILS system tend to use similar permissions set? Are they controlled centrally or would there be value in controlling them centrally?

As a consortial administrator, managing permissions, what are our priorities/requirements. 

GALILEO sets permissions at the individual libraries.
Stanford sets permissions at the consortial level, agrees on PSets. Then those PSets are assigned at a lower level.
Default set of permissions at the upper level would be good. Then ability to set more at the individual level.
Corrie agrees with a "share the knowledge" approach. 
Lucy ability to run reports, who are named users, who has which permissions/roles. 
We do have some reporting needs on our reporting spreadsheet

Dennis: Are there pain points associated with duplicating PSets or roles?
Lucy: They don't change regularly.

Nested PSets: Handy at not having to add same permissions to multiple PSets. We're supposed to be able to limit the permissions we can assign to those we have, but that isn't working.  Probably PSets are better than duplicating a set of permissions in order to add/subtract from it for someone.

How to figure out what's wrong if a user can't do something.  Compare with the permissions of someone that CAN do the thing to see what's missing.  Stanford sometimes looks at the pod logs. Would be helpful to be able to duplicate a complete user so we could make a test user with same permissions.  Dennis has heard before that it would be nice to be able to act as another user (but not BE that user or log in as that user)

Centrally defined roles. Dennis assumes they would not be editable? Lucy agrees that having some "templates" at the consortial level that could not be changed would be good. But they could grab a template and then modify/save it locally.

Dennis: We are looking for a mechanism for the creation of a centrally managed template. Idea is you would be able to create a role in the central tenant and have that propagated out to the related tenants where it could be used. Only editable centrally.  Could be duplicated in the related tenants. This is impacted by the re-platform that's happening.  Now called roles and policies. These could be managed in the consortium manager. Doesn't look like nested roles will be a thing. Users can have roles and independent capabilities.  Looking at time-based and location-based policies, not just user-based.

From last meeting: 

(Noah) We should do a survey about perceived gaps, 3rd party integrations needed. Corrie and Noah will do a draft for discussion. Ask about timing folks are considering for moving/implementations. Will be posted on folio-general channel, send it "anywhere and everywhere."

Draft list of questions

Dennis is planning to do a ECS-related presentation, circulation, requests management, user management, etc. Multiple PO's are involved in all this.