Re: [Koha-devel] Intranet Security

[Dave Thorne]

I must say that although the library I am speaking on behalf of would not need more than one layer of security abstraction, for larger systems I believe it would be necessary. In order to make Koha as 'marketable' as possible (in the least capitalistic way) such a permissions based user environment would be greatly preferred, giving more configurability (and therefore leaving Koha available to a wider potential user base) which can only be a good thing. As long as the extra work required to manage such permissions is kept to an absolute minimum so as not to impinge on the experience of smaller libraries we should be on to a winner. How about permission groups? Then you could set up 'desk clerk' and 'librarian' as two seperate groups (or user types) with the associated permissions set to the groups, and simply add users to or remove them from these groups. The act of setting every possible permission for a new user is then made a thousand fold easier.

Although I admit I have not yet looked at the user administration section in detail, I can't imagine it would take much to implement. Any comments?

Dave

----Original message from jferraro follows----
I have been thinking about the current intranet security setup whereby any staff member can access any part of the intranet. Is this the policy in the libraries that are currently using Koha? It may be important to some of the larger systems (where more than a dozen people are using the intranet) to increase the levels of password protection. My concern is less of a control issues and more of an "oops I just deleted our main branch" issue. Even adding one more layer by seperating the admin from the normal staff functions might be useful. Even better, maybe users could be added and given "permission" to access parts of the intranet. What does everyone think?
Joshua

---

Want your email in a hurry? Get Hotmail direct to your mobile